A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT).
The flaw is
The problem can be found in BlackBerry Enterprise Server software version 4.1.3 through version 4.1.5 and BlackBerry Unite software versions prior to 1.0.1. Users of BlackBerry Unite can upgrade to the latest version.
The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0. FrSIRT has rated it "critical."
BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enteprise Server. As a workaround, companies can prevent the server from processing PDF Files.
"This issue has been escalated internally to our development team," RIM said in its advisory. "No resolution time frame is currently available."