Research In Motion issued an update to the BlackBerry Enterprise Server correcting serious PDF handling flaws.
The vulnerabilities are contained in the BlackBerry Attachment Service component. Users are at risk if they open a malicious PDF file on their BlackBerry smartphone. In its advisory, RIM said the vulnerabilities could be used by an attacker to cause memory corruption leading to arbitrary code execution on the machine that hosts the BlackBerry Attachment Service.
The flaws could be found in BlackBerry Enterprise Server software version 4.1.3 through 5.0. and BlackBerry Professional Software 4.1.4. The vulnerabilities are potentially very serious. They carry a Common Vulnerability Scoring System (CVSS) score of 9.3, RIM said.
Security update 4 has been released. For BlackBerry Enterprise Server version 4.1x and 5.0 users. A separate security update has been released for affected BlackBerry Professional Software versions.
RIM has had ongoing security issues with its PDF distiller. The smartphone maker issued an update correcting flaws in the BlackBerry Attachment Service in April. Separate updates were released in January and in July 2008 to correct flaws.