Some may remember a potential PDF vulnerability that had implications for BlackBerry Enterprise Server in July last year. It seems to have come around again in a slightly different guise, and RIM have released an interim patch to plug the hole.
The problem is not one of a definite security hole, but a potential vulnerability with theoretical implications. In theory, the vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file which, when opened for viewing on a BlackBerry handheld, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.
Given RIM’s security-conscious attitude, they have devised a workaround for this theoretical threat. The easiest way to lock this down would be to remove PDFs as an allowed attachment format on the BES server; however, this results in a slight loss of functionality for users, who would be unable to open any PDFs. What we have been recommending our customers do is install RIM’s interim security patch (available for BlackBerry Enterprise Server 4.1 Service Pack 3 and above, and BlackBerry Professional Software version 4.1.4). Running the patch (a series of .dll file replacements on the BES server) takes just a couple of minutes and plugs the hole, allowing users to continue opening what is no doubt a popular file type on their BlackBerry devices. airtime manager customers can download the patch from our Technical Support Resource Library now.

