BlackBerry PDF flaw exposes corporate networks

July 17, 2008 – 5:44 AM

A “high” severity flaw affecting how BlackBerry Enterprise Server (BES) opens PDF attachments could be used to compromise a corporate network. Research in Motion quietly disclosed the flaw last week but is yet to issue a patch.

“This issue has been escalated internally to our development team. No resolution time frame is currently available,” RIM states in its advisory.

Until it can issue a patch, RIM has warned customers to disable the BlackBerry Attachment Service, which allows BES to process PDF attachments for users to view on their BlackBerry devices. The flaw concerns how the BlackBerry Attachment Service processes PDF files, which can be exploited via a maliciously crafted PDF.

Vulnerable systems include BES software version 4.1 Service Pack 3 (4.1.3) through to 4.1 Service Pack 5 (4.1.5). RIM has given the advisory a “high” severity rating.

“If a BlackBerry smartphone user on a BlackBerry Enterprise Server opens and views the specially crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer,” RIM states on its advisory.


You must be logged in to post a comment.