Research in Motion is warning corporate IT administrators that a serious security flaw in the BlackBerry Enterprise Server's (BES) BlackBerry Attachment Service could allow hackers to execute malicious code and hijack infrastructure. The vulnerability is ranked by RIM as a 9.0 on a scale of 0 to 10, with 10 representing the most critical flaws.
IT departments using BES software version 4.1 Service Pack (SP) 3 through BES v4.1 SP5 are at risk, as are users of BlackBerry Unite! version 1.0 SP1 bundle 36 or earlier, according to RIM. BlackBerry Unite! is a service that lets users access shared files via BlackBerry.
From a RIM security advisory:
"A security vulnerability in the PDF distiller of the BlackBerry Attachment Service could enable a malicious individual to use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on. If a BlackBerry smartphone user on BlackBerry Unite! opens and views the specially crafted PDF file attachment on the BlackBerry smartphone; the arbitrary code execution could compromise the computer."
BES administrators should take measures to address the flaw immediately, RIM says.
RIM has not yet released an estimated resolution timeframe regarding the BES flaw, but it recommends upgrading BlackBerry Unite! to any version that's more recent than v1.0 SP1 bundle 36. For more information on how to upgrade, visit RIM's website.
Administrators should also prevent the BlackBerry Attachment Server from processing PDF files in a BES environment, according to the company. Specific instructions on how to do so are also available on RIM's site, along with general BlackBerry security information.
A comparable flaw was recently discovered in libpoppler, an open source PDF rendering library, according to U.K. security news and service firm Heise.
- Sponsored Resource:Are you ready for virtualization? Try the sever assessment tool.
- Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP.
- Sponsored Resource:Six smart ways to grow small business IT
News For Your Business
- Singapore Gets IPhone, but No Visual Voicemail or ITunes
- Looking for a Fix for Apple's IPhone Fix
- Ericsson, STMicro Merge Wireless Chips
- Vodafone to Offer Pricey IPhone 3G in India
- IFrogz Offers New IPhone 3G Cases
Community Comments