There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.
The vulnerabilities in BES and the Professional Software application lie in the PDF distiller component of the Attachment Service, which handles file attachments at the server level before they are sent to the end-user devices. If an attacker emailed a malicious PDF file to a user on a vulnerable version of the software, opening the file on the BlackBerry device would cause a memory-corruption error, enabling the attacker to run code on the device.
“Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service,” RIM said in its security advisory.
The vulnerable releases are BlackBerry Enterprise Server 4.1 Service Pack 3 through BES 5.0, and BlackBerry Professional Software 4.1 Service Pack 4.
As a workaround, RIM recommends preventing the Attachment Service from processing PDFs by editing the list of file types that BES can open.