BlackBerry PDF flaw leaves networks open to attack
Much focus has been on the iPhone’s impact on network security, but it seems the BlackBerry has a potentially disastrous flaw which it has kept quiet and unpatched.
Business users have been warned that opening PDF files with their Blackberry devices could compromise their corporate network.
The flaw scored nine out of ten on Blackberry's common vulnerability scoring system and is seen as highly severe. RIM disclosed the vulnerability in an advisory, but so far a patch hasn't been released to deal with the problem, and no details have been given about how long it will take to deal with it.
The advisory said: "This issue has been escalated internally to our development team. No resolution time frame is currently available."
The vulnerability is specifically found in the PDF distiller of the BlackBerry Attachment Service.
A malicious user can take advantage by creating a specially made PDF file in an email message which can cause arbitrary code to execute on the device.
If the Blackberry user then views the PDF file while connected to the BlackBerry Enterprise Server of the corporate network, it can leave it open to attack.
The flaw is found on the BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5)
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
RIM has said: "In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue."
It also said that the vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6 for Microsoft Exchange and IBM Lotus Domino.
Read more on how smartphones like the BlackBerry as well as newer gadgets like the iPhone could be used safely on a corporate network.