„Interim security update“: Security patch for BlackBerry Enterprise Server
By Gina on October 15, 2010 | Vulnerabilities, BlackBerry Enterprise Server, Security patch, flaw, vulnerability, mobile security, BES, Research In Motion, RIM, PDF vulnerability, secure BlackBerry
Recently, a vulnerability was found in BlackBerry Enterprise Server (BES) that attackers could well have exploited had Research In Motion (RIM) not quickly released a patch, which it calls an „Interim security update“.
The BlackBerry maker comments that this vulnerability may have been used to launch Denial of Service (DoS) attacks. The flaw is quite serious: it is ranked 7.6 on the 0-to-10 scale of the Common Vulnerability Scoring System.
RIM says: „The vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.“
„Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone,“ – RIM added.
In fact, the BES 5.0.2 vulnerability is connected with the BlackBerry Attachment Service's PDF distiller component, which is not surprising at all. RIM has already had occasion to release a few patches for security issues caused by the PDF distiller.