1. Berryman's Avatar
    A major vulnerability in the BlackBerry Attachment Service could result in a takedown of the enterprise server that supports the popular mobile devices.

    The flaw -- which drew a severity score of 9 out of 10 -- could be exploited if attackers are able to trick a user into opening a malicious PDF file attachment as part of an email, according to a BlackBerry advisory. If a user opens the specially crafted file, arbitrary code could execute and compromise the enterprise server running the BlackBerry Attachment Service. That service is responsible for processing attachments for the devices.

    As a result, Research in Motion, the smartphone's maker, is advising businesses to block the attachment service from processing PDF files.

    Here is the July 10 advisory from RIM:
    BlackBerry Search Results

    The company has not issued a timeline for a fix.

    But Dan Hoffman, chief technology officer at SMobile Systems, a mobile security firm, told SCMagazineUS.com on Wednesday that businesses should be proactive and install security solutions on their devices to help detect and block these kinds of threats.

    "These devices are computers," Hoffman said. "They have the exact same functionality as a laptop or desktop computer. People wouldn't think about having their PC directly connected to the internet without anti-virus or a firewall."

    But Sean Moshir, chief executive officer of mobile application developer CellTrust, said organizations should not worry because this vulnerability affects the server and is not device-specific.

    "This is more of a job for the IT staff than the end-user being worried about," he told SCMagazineUS.com on Wednesday.

    Hoffman said attacks targeting smartphones may already be happening in large numbers but there is no way to currently track infection rates. Exploits will grow even more when cybercriminals decide the financial motivation is great enough to attack handhelds.
    Last edited by Berryman; 07-17-08 at 04:17 PM.
    07-17-08 04:02 PM
  2. Berryman's Avatar
    July 18, 2008 (Computerworld) Research In Motion Ltd. patched a critical bug in its BlackBerry Enterprise Server (BES) today to stymie hackers hoping to break into company networks by tricking users of the popular smart phone into opening rigged PDFs.

    The fix, which was delivered in several separate updates to BES, addressed a security vulnerability in the PDF distiller component of the BlackBerry Attachment Service, which runs on the BES. RIM first disclosed the flaw last week, but the bug gained attention Wednesday when the U.S. Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, posted an alert.

    Attackers could exploit the vulnerability by getting BlackBerry users to open malicious PDF files attached to e-mail messages. Successful exploits would compromise servers running BES, not individual BlackBerry devices, RIM said in security advisories first published July 10.

    A spokeswoman for Waterloo, Ontario-based RIM said today that the company had received no reports of attacks and that updates were now available for BES.

    Enterprise administrators can update to BES Version 4.1 Service Pack 6 (4.1.6) for Microsoft Exchange and IBM Lotus Domino, RIM said in a revised advisory. An update to BES for Novell GroupWise pegged as 4.1.4 also patches the problem.

    Administrators running editions of BES older than Versions 4.1.6, or 4.1.4 for GroupWise, can instead apply one of several interim security updates posted on RIM's download site.

    Previously, RIM had updated the BlackBerry Unite software that users run on their smart phones to patch the problem on the client side.

    Source: RIM fixes critical BlackBerry Enterprise Server bug
    07-18-08 03:47 PM
  3. Phelos's Avatar
    Whoa where is the penicillin!?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-18-08 03:50 PM
  4. JRSCCivic98's Avatar
    A little late to the party are we....

    Oh, and the party is just beginning people...
    07-18-08 06:22 PM
  5. Pete6's Avatar
    [quote=JRSCCivic98;510494]A little late to the party are we....

    Oh, and the party is just beginning people...[/quote]
    And there are lots and lots of people invited.
    07-19-08 12:36 PM