BerryReview.com - BlackBerry News and Reviews

PDF Distiller Vulnerability In BES & Unite


I got an email about this vulnerability and thought I would mention it. Now we know why Unite was quietly upgraded to 1.0.1 bundle 36+ recently. RIM was nice enough to report the vulnerability details.

It turns out that there is a vulnerability in the PDF distiller used by Unite and BES, the component of the BlackBerry attachment service that converts PDF files for viewing on your BlackBerry. If you open the wrong kind of PDF, it can execute code on your system, which is very bad. This vulnerability gets a Common Vulnerability Scoring System (CVSS) score of 9.0, which is pretty serious.

Right now Unite has a fix via auto-update, but BES users are out of luck. BES admins are encouraged to disable the PDF functionality by following the instructions linked below.

Systems affected:

  • BES 4.1 service pack 3 (4.1.3) through service pack 5 (4.1.5)
    • Currently RIM is stating: This issue has been escalated internally to our development team. No resolution time frame is currently available.
  • BlackBerry Unite 1.0.1 bundle 35 and earlier

You can read more about it on RIM’s website at these links:

Thanks to Josep for pointing out the knowledgebase articles!


This entry was posted on Tuesday, July 15th, 2008 and is filed under News.

3 Comments to “PDF Distiller Vulnerability In BES & Unite”

  1. Posted by: Nikolaus

    My Unite! has not updated itself from 35 to 36+. How do I kick off this upgrade or download it myself?

  2. Hey!
    I've got a question for you about this vulnerability. Today I received a PDF file from Windows Live Messenger, then a message appeared about PDF Distiller asking for authorization about transferring a PDF file.
    So… could this vulnerability be used to make some virus for BlackBerry OS?

  3. @Dario
    It could be used to run malicious code on the BES server from what I understand. Not a good thing…