RIM offers critical patch for BlackBerry (Brief)
by Steve Ragan - Jul 23 2008, 11:18
RIM offers security patch for BlackBerry services. (IMG:J.Anderson)
Research in Motion, the one you can blame for your crack-like addiction to the BlackBerry, has released a security patch for businesses that rely on its coveted device. The patch addresses vulnerabilities in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5 and BlackBerry Professional Software 4.1.4.
A vulnerability exists in the PDF distiller of some versions of the BlackBerry Attachment Service. An e-mail message containing a specially crafted PDF file could, when opened for viewing on a BlackBerry, cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.
The vulnerability is rated 'Critical,' with a Common Vulnerability Scoring System (CVSS) score of 9.0, and RIM advises everyone to patch as soon as possible.
"You can install the BlackBerry Attachment Service on a remote computer and then place that computer on its own network segment to prevent the spread of potential attacks from the BlackBerry Attachment Service to another computer within your organization’s network," RIM said, while offering a bit of advice for mitigation.
"In a segmented network, attacks are isolated and contained on a single area of the network. Using segmented network architecture is designed to improve the security and performance of the BlackBerry Attachment Service network segment by filtering out attachment data that is not destined for other network segments."
For those who can’t patch quickly, but need some protection, there are workaround options available.
