Article

RIM fixes serious BlackBerry PDF handling flaws

SearchSecurity.com Staff

Research In Motion (RIM) has issued a security update to correct serious flaws in BlackBerry Enterprise Server and BlackBerry Unite software, which can be exploited to execute arbitrary code and gain access to critical data.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a RIM advisory, the company said multiple flaws exist in the PDF distiller of some versions of the BlackBerry Attachment Service. PDF distillers turn PostScript files into PDF documents.

The flaws have a Common Vulnerability Scoring System (CVSS) score of 9.3. An attacker can exploit the flaws by sending an email with a malicious PDF file. If opened by the user on a BlackBerry, the malicious code could cause memory corruption. It could then "lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service," RIM said.

BlackBerry advisories:
RIM updates BlackBerry Desktop Software to fix ActiveX flaw: The latest update for BlackBerry Desktop Software includes a fix to an ActiveX vulnerability located in a tool used to synchronize BlackBerrrys and PCs running Microsoft Windows.

BlackBerry server faced with critical zero-day: A serious PDF handling flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive information.

In a separate advisory, RIM said the BlackBerry Unite software is also affected by the PDF distiller flaw.

Danish vulnerability clearinghouse, Secunia gave the flaws a highly critical rating in its advisory.

The flaws affect BlackBerry Enterprise Server software version 4.1 Service Pack 3 through 4.1 Service Pack 6 and BlackBerry Professional Software 4.1 Service Pack 4. BlackBerry Unite software versions earlier than 1.0 Service Pack 3 are also affected. Users of BlackBerry Unite can upgrade to the latest version. Security Update 2 has also been issued to fix the vulnerabilities.

As a workaround, RIM said customers can prevent the BlackBerry Attachment Service from processing PDF files in the BlackBerry Unite environment.

Sean Larsson of iDefense Labs discovered the vulnerabilities.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: