Peaches Posted May 27, 2009 Report Share Posted May 27, 2009 27 May 2009, 11:00RIM closes another BlackBerry PDF vulnerability "According to Research In Motion (RIM), a specially crafted PDF file can be used by an attacker to gain control of a BlackBerry Enterprise server. As with several previous vulnerabilities, the problem is in the PDF distiller of the BlackBerry Attachment service which pre-processes documents on the server so they can be easily read on a BlackBerry device. Opening the crafted PDF document on a BlackBerry smartphone client triggers the server error, causing memory corruption which leads to the execution of arbitrary code. According to RIM, BlackBerry Enterprise Server 4.1.3, 5.0 and BlackBerry Professional 4.1.4 are affected. The Interim Security Software Update 2 for Enterprise Server 5.0 and Update 4 for Enterprise Server 4.1.3 and Professional fix the problem.While RIM have released updates to the applications, in the interim they advise disabling PDF file processing on the BlackBerry server and give instructions on how to do so in the advisory."See also:Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server, security advisory from RIM.Heise security - http://www.h-online.com/security/RIM-close...y--/news/113385 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.