RIM patches serious BlackBerry Attachment Service flaws

By SearchSecurity.com Staff 28 May 2009 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Research In Motion issued an update to the BlackBerry Enterprise Server correcting serious PDF handling flaws.

The vulnerabilities are contained in the BlackBerry Attachment Service component. Users are at risk if they open a malicious PDF file on their BlackBerry smartphone. In its advisory, RIM said the vulnerabilities could be used by an attacker to cause memory corruption leading to arbitrary code execution on the machine that hosts the BlackBerry Attachment Service.

BlackBerry advisories: RIM fixes serious BlackBerry PDF handling flaws: A malicious PDF attachment can cause memory corruption and allow an attacker to access sensitive data, RIM said in an advisory. RIM updates BlackBerry Desktop Software to fix ActiveX flaw: The latest update for BlackBerry Desktop Software includes a fix to an ActiveX vulnerability located in a tool used to synchronize BlackBerrrys and PCs running Microsoft Windows. BlackBerry server faced with critical zero-day: A serious PDF handling flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive information.

The flaws could be found in BlackBerry Enterprise Server software version 4.1.3 through 5.0. and BlackBerry Professional Software 4.1.4. The vulnerabilities are potentially very serious. They carry a Common Vulnerability Scoring System (CVSS) score of 9.3, RIM said.

Security update 4 has been released. For BlackBerry Enterprise Server version 4.1x and 5.0 users. A separate security update has been released for affected BlackBerry Professional Software versions.

RIM has had ongoing security issues with its PDF distiller. The smartphone maker issued an update correcting flaws in the BlackBerry Attachment Service in April. Separate updates were released in January and in July 2008 to correct flaws.

Tags: Smartphone and PDA Viruses and Threats,  Handheld and Mobile Device Security Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Smartphone and PDA Viruses and Threats US-CERT warns of BlackBerry snooping software Mini guide: How to remove and prevent Trojans, malware and spyware SMS attacks against BlackBerry certificate flaw possible MMS messaging spoof hack could have global ramifications Unified communications: Securing a converged infrastructure Latest Apple iPhone features prompt security concerns SMS mobile worm attacks Symbian smartphones Smartphone security lacking at many businesses RIM warns of serious vulnerability in BlackBerry Web loader RIM fixes serious BlackBerry PDF handling flaws Handheld and Mobile Device Security Best Practices Researchers find thousands of flawed embedded devices Best Mobile Data Security Products Should Windows Mobile updates come from Microsoft? MMS messaging spoof hack could have global ramifications How to prevent mobile phone spying Unified communications: Securing a converged infrastructure How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Handheld and Mobile Device Security Best Practices Research

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary