DarkFiber Consulting – IT Managed Services

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

December 10th, 2009 . by DarkFiber Consulting

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

DarkFiber Consulting encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates.

Research in Motion Releases Security Advisory

October 14th, 2009 . by DarkFiber Consulting

Research in Motion has released a security advisory to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site.

DarkFiber Consulting encourages users to review the BlackBerry security advisory KB19552 and apply any necessary updates.

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4.  By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code on the system that hosts the Blackberry Attachment Service.

DarkFiber Consulting encourages users to review BlackBerry security advisory KB17953 and apply any necessary updates.

Additional information is available in the Vulnerability Notes Database.

BlackBerry Security Advisory

July 18th, 2008 . by DarkFiber Consulting

Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Enterprise Server. This vulnerability is due to the improper processing of PDF files within the distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service.

DarkFiber Consulting encourages users to review BlackBerry Security Advisory KB15766 and apply the resolution or implement the workarounds listed in the document to help mitigate the risk.

DarkFiber Consulting will provide additional information as it becomes available.