Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 14th, 2009

PDF Processing Vulnerabilities Patched In BlackBerry

According to warnings issued by Research in Motion (RIM), hackers can use booby-trapped PDF attachments sent to BlackBerry devices to launch malicious code execution attacks. The company shipped patches this week to address a pair of critical vulnerabilities affecting their product.

The vulnerabilities are due to the improper processing of PDF files within the Distiller component of the BlackBerry Attachment Service.

Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.

RIM recommends that users upgrade to the latest version of the BlackBerry Unite! software. RIM customers are strongly urged to apply the updates or implement the workarounds listed in KB17118 and KB17119 documents to help mitigate the risk.

Share this article with others:

More on CyberInsecure:
  • Critical PDF Processing Vulnerability In BlackBerry Enterprise Server
  • Researchers Warn BlackBerry Users Over Malformed PDF Vulnerability
  • Blackberry Spyware Source Code, TXSBBspy, Released By Veracode
  • ActiveX Control Flaw In BlackBerry Leads To Code Execution Attacks
  • Free Download Turns BlackBerry Into Remote Bugging Device

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: PDF Processing Vulnerabilities Patched In BlackBerry

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.