RIM patches BlackBerry PDF vulnerability
- — 05 June, 2009 04:04
Research in Motion (RIM) has issued a new security patch for BlackBerry Enterprise Server to fix vulnerabilities in its PDF distiller program.
The patch was issued on a BlackBerry forum last week and was billed as a fix for any customers that use BlackBerry Enterprise Server (BES) versions 4.1 through 5.0. RIM said that there were "multiple security vulnerabilities" that existed in some versions of the enterprise servers' PDF distiller that were released as part of the BlackBerry Attachment Service.
The vulnerabilities could allow hackers to send users e-mails containing a "specifically crafted PDF file" that could cause memory corruption and "possibly lead to arbitrary code execution" of the computer hosting the attachment service.
While companies take time to test the new patch on their systems, RIM recommends that IT departments prevent the attachment service from processing any PDF files that come through the BES environment (instructions for disabling PDF downloads can be found here).
RIM also says that companies could install the attachment service onto a remote computer and place it in its own remote network segment to stop the spread of malicious PDF files throughout the network.
