RIM Patches Critical BlackBerry PDF-Distilling Flaws

Hackers can use maliciously rigged PDF files to hack into corporate systems
hosting the BlackBerry Attachment Service, according to a warning from
the makers of the popular smartphone.

Research in Motion (RIM) issued an advisory with patches for
multiple flaws in the PDF distiller service and warned that an attacker
could exploit the issues by simply e-mailing a booby-trapped PDF file
to a BlackBerry user.

The vulnerabilities
exist in the PDF distiller of some released versions of the BlackBerry
Attachment Service component of the BlackBerry Enterprise Server:

These
vulnerabilities could enable a malicious individual to send an email
message containing a specially crafted PDF file, which when opened for
viewing on a BlackBerry smartphone that is associated with a user
account on a BlackBerry Enterprise Server, could cause memory
corruption and possibly lead to a Denial of Service (DoS) condition or
arbitrary code execution on the computer that hosts the BlackBerry
Attachment Service component of that BlackBerry Enterprise Server.

Affected versions include the BlackBerry Enterprise Server 5.0.0
running on Microsoft Windows version 2003 or 2008, BlackBerry
Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry
Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry
Professional Software 4.1.4.

Instructions on applying the patches are available in this RIM advisory.
