27 May 2009
Research In Motion (RIM) has released details of a flaw in its BlackBerry Attachment Service that could allow hackers to remotely execute code and gain control of a BlackBerry Enterprise Server.
The firm said in a security advisory that multiple vulnerabilities with a Common Vulnerability Scoring System score of 9.3 have been found in the PDF distiller of the Attachment Service.
"These vulnerabilities could enable a malicious individual to send an email containing a specially crafted PDF file which, when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service," said the advisory.
RIM has issued an interim software update that fixes these issues in the affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software.
The firm advised users to disable PDF file processing on the server until these patches are rolled out, and said that users should only open attachments from trusted sources.
Graham Cluley, senior technology consultant at security vendor Sophos, said in a blog post that hackers are increasingly exploiting PDFs to deliver malware to unsuspecting business users.
"As PDFs are so widely used and shared in business most people wouldn't think twice about clicking on them, making it imperative that corporations keep their security patches and anti-malware defences up to date," he said.
PDF ubiquitous now so in front line
"PDF is ubiquitous and important enough that the bad guys see it as worthwhile to target. If nobody was using PDF they wouldn't bother because they couldn't gain any advantage from doing so. And for PDF vendors? We're in the front line now; we have to code well and avoid all those buffer overflow issues and other vulnerabilities so that PDF usage can continue to grow and be successful." More comment here: http://tinyurl.com/oojlb9
Posted by: danielgdoc 03 Jun 2009