BlackBerry server faced with critical zero-day

A serious PDF handling flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive information.

A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT).

The flaw is a PDF attachment handling error in the BlackBerry Attachment Service, FrSIRT said. An attacker could exploit the flaw by tricking a user into opening a malicious PDF file attachment.

The problem can be found in BlackBerry Enterprise Server software version 4.1.3 through version 4.1.5 and BlackBerry Unite software versions prior to 1.0.1. Users of BlackBerry Unite can upgrade to the latest version.

The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0. FrSIRT has rated it "critical."

BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enterprise Server. As a workaround, companies can prevent the server from processing PDF files.

"This issue has been escalated internally to our development team," RIM said in its advisory. "No resolution time frame is currently available."
