BlackBerry PDF exploit exposes corporate networks

BlackBerry maker Research in Motion is warning businesses to disable the function which allows a BlackBerry to read PDF files until it can issue an update, after a security flaw was found in the company's software. A “high” severity flaw affecting how BlackBerry Enterprise Server (BES) opens PDF attachments could be used to compromise a […]

BlackBerry maker Research in Motion is warning businesses to disable the function which allows a BlackBerry to read PDF files until it can issue an update, after a security flaw was found in the company's software.

A “high” severity flaw affecting how BlackBerry Enterprise Server (BES) opens PDF attachments could be used to compromise a corporate network. Research in Motion quietly disclosed the flaw last week but is yet to issue a patch.

“This issue has been escalated internally to our development team. No resolution time frame is currently available,” RIM states in its advisory.

Until it can issue a patch, RIM has warned customers to disable the BlackBerry Attachment Service, which allows BES to process PDF attachments for users to view on their BlackBerry devices. The flaw concerns how the BlackBerry Attachment Service processes PDF files, which can be exploited via a maliciously crafted PDF.

Vulnerable systems include BES software version 4.1 Service Pack 3 (4.1.3) through to 4.1 Service Pack 5 (4.1.5). RIM has given the advisory a “high” severity rating.

Full Article