In association with heise online

13 January 2009, 11:27

RIM closes critical holes in BlackBerry


Specially crafted PDF files that can be used to attack a BlackBerry server are at the root of a security update from RIM. According to RIM's report, a bug in the PDF distiller element of the Attachment Service allows an attacker to take control of the server. The Attachment Service lets BlackBerry users view documents more easily on their device by having the server pre-process them. The problem can only be triggered when a BlackBerry user wants to view a PDF attachment.

RIM fixed a similar problem in mid-2008, and has again provided updates for BlackBerry Enterprise Server versions 4.1.3 to 4.1.6, BlackBerry Professional Software Service Pack 4 (4.1.4) and BlackBerry Unite versions before service pack 1.0.3.

As a workaround, RIM recommends disabling the processing of PDFs in the Attachment Service, and gives instructions on how to do this in the advisories. As RIM has assigned the vulnerabilities a 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS), administrators should act quickly.


(djwm)

Permalink: http://h-online.com/-739645
 

