Home > Security News > BlackBerry server faced with critical zero-day
Security News:
EMAIL THIS

BlackBerry server faced with critical zero-day

By SearchSecurity.com Staff
16 Jul 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT).

The flaw is a PDF attachment handling error in the BlackBerry Attachment Service, FrSIRT said. An attacker could exploit the flaw by tricking a user to open a malicious PDF file attachment.

The problem can be found in BlackBerry Enterprise Server software version 4.1.3 through version 4.1.5 and BlackBerry Unite software versions prior to 1.0.1. Users of BlackBerry Unite can upgrade to the latest version.

The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0. FrSIRT has rated it "critical."

BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enteprise Server. As a workaround, companies can prevent the server from processing PDF Files.

"This issue has been escalated internally to our development team," RIM said in its advisory. "No resolution time frame is currently available."



Tags: Handheld and Mobile Device Security Best PracticesEmerging Information Security ThreatsWeb Server Threats and CountermeasuresSmartphone and PDA Viruses and ThreatsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Handheld and Mobile Device Security Best Practices
How to prevent mobile phone spying
Unified communications: Securing a converged infrastructure
RIM patches serious BlackBerry Attachment Service flaws
How secure are iPhone App Store mobile applications?
Is there a spy on my mobile device?
Mobile phones win during Pwn2Own contest
Latest Apple iPhone features prompt security concerns
Apple iPhone app could boost two-factor
What Obama's Blackberry means for mobile device security
SMS mobile worm attacks Symbian smartphones
Handheld and Mobile Device Security Best Practices Research

Emerging Information Security Threats
New attack code targets Microsoft DirectShow zero-day vulnerability
Adobe ColdFusion websites being compromised
Antispyware buying guide for Indian enterprises
ATM malware lets attackers take over machines
FTC shutters rogue ISP for hosting malicious content, botnets
The failing war against cybercriminals
White House cybersecurity czar faces major hurdles
Cybercrime and threat management
The Pipe Dream of No More Free Bugs
Face-off: Who should be in charge of cybersecurity?

Web Server Threats and Countermeasures
Stolen FTP credentials likely in massive website attacks
Microsoft warns of IIS zero-day vulnerability
How to find and stop automated SQL injection attacks
How to spot attacks through Apache Web server log analysis
Symantec acquires Mi5 Networks, bolsters Web security
How to harden Linux operating systems
How to clear out anonymous Web proxy servers in the workplace
Information security book excerpts and reviews
Is it more secure to have a mainframe or a collection of servers?
How does a Web server model differ from an application server model?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts