RIM squashes BlackBerry PDF peril
Print storyPurple alert over high-impact bugs
Posted in Mobile, 14th January 2009 13:46 GMT
Tune into our application security webcast, click here
Research in Motion (RIM) has published a patch that fixes a pair of critical flaws in the way BlackBerry servers handle malformed PDF files.
The two related security updates address vulnerabilities in the PDF Distiller of the BlackBerry Attachment Service for BlackBerry Unite and BlackBerry Enterprise Server, respectively. As a result of the bugs, hackers might be able to inject hostile code onto computer systems running the BlackBerry Attachment Service, providing they can trick the user of a BlackBerry smartphone into opening a maliciously crafted PDF attachment, contained in an email message sent to them.
RIM advises enterprises that use BlackBerry to roll out patches sooner rather than later. Its suggested workaround - disabling the receipt of PDF attachments - may be tough to live with for many organisations, given the widespread use of the document technology.
The vulnerabilities were discovered by security researchers at iDefense and earn a Common Vulnerability Scoring System (CVSS) rating of 9.3, on a scale of one to 10, placing them far into the top end of the risk spectrum.
Security advisories on the issue from RIM can be found here and here.
The potential impact of the bugs, and potential future flaws like them, underlines at least one of the reasons why White House information security specialists are keen to wean President-Elect Barack Obama off his BlackBerry before he takes office next week. ®
The future of SaaS and IT infrastructure management
The Total Economic Impact of Dell's PC products and services
The best practices guide for application security
Avoiding 7 common mistakes of IT security compliance
The starter PKI program
Win a Samsung C6625!
Is your cameraphone an oxymoron?
Windows 7, Bing and security: Mr Ballmer regrets
Sign up, sign up for The Register IT security newsletter