Home > Security News > BlackBerry server faced with critical zero-day
Security News:
EMAIL THIS

BlackBerry server faced with critical zero-day

By SearchSecurity.com Staff
16 Jul 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT).

The flaw is a PDF attachment handling error in the BlackBerry Attachment Service, FrSIRT said. An attacker could exploit the flaw by tricking a user to open a malicious PDF file attachment.

The problem can be found in BlackBerry Enterprise Server software version 4.1.3 through version 4.1.5 and BlackBerry Unite software versions prior to 1.0.1. Users of BlackBerry Unite can upgrade to the latest version.

The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0. FrSIRT has rated it "critical."

BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enteprise Server. As a workaround, companies can prevent the server from processing PDF Files.

"This issue has been escalated internally to our development team," RIM said in its advisory. "No resolution time frame is currently available."



Tags: Handheld and Mobile Device Security Best PracticesEmerging Information Security ThreatsWeb Server Threats and CountermeasuresSmartphone and PDA Viruses and ThreatsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Handheld and Mobile Device Security Best Practices
Protecting enterprise networks from new mobile application downloads
Screencast: Find rogue wireless access points with Vistumbler
Secure your remote users in 2010
Researchers find thousands of flawed embedded devices
Best Mobile Data Security Products
Should Windows Mobile updates come from Microsoft?
MMS messaging spoof hack could have global ramifications
How to prevent mobile phone spying
Unified communications: Securing a converged infrastructure
RIM patches serious BlackBerry Attachment Service flaws
Handheld and Mobile Device Security Best Practices Research

Emerging Information Security Threats
Leverage Google Attacks to Improve Cybersecurity
SCADA system, critical infrastructure security lacking, survey finds
Preparing for future security threats, evolving malware
Facebook attacks prompt investments in social networking security
Information security podcasts: 2009 archive
Hathaway calls for international cybercrime task force
Active PDF attacks target Reader, Acrobat zero-day vulnerability
Sites hit with massive automated SQL injection attack
Cybercriminals invest in social networking attacks
Best practices for (small) botnets

Web Server Threats and Countermeasures
Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
How do passwordless SSH keys represent an enterprise attack vector?
Information security book excerpts and reviews
Increase in Gumblar backdoors poses FTP credential problems
VeriSign extends DDoS attack protection service
Microsoft issues IIS FTP advisory, exploit code circulates
Panda reports fast-spreading rogueware antivirus fraud rakes in millions
Oracle issues quarterly patches, fixes database flaws
Latest DDoS attacks extremely unsophisticated, experts say
Stolen FTP credentials likely in massive website attacks

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)
pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts