PDF Distiller Vulnerability In BES & Unite

I got an email about this vulnerability and thought I would mention it. Now we know why Unite was quietly upgraded to 1.0.1 bundle 36+ recently. RIM was nice enough to report the vulnerability details.

Turns out that there is a vulnerability in the Unite and BES PDF distiller in the BlackBerry attachment service that converts PDF files for viewing on your BlackBerry. If you open the wrong kind of PDF it can execute code on your system which is very bad. This vulnerability gets a Common Vulnerability Scoring System (CVSS) score of 9.0 which is pretty serious.

Right now Unite has a fix by autoupdating but BES users are out of luck. BES admins are encouraged to disable the PDF functionality following the instructions linked to below.

Systems effected:

  • BES 4.1 service pack 3 (4.1.3) through service pack 5 (4.1.5)
    • Currently RIM is stating: This issue has been escalated internally to our development team. No resolution time frame is currently available.
  • BlackBerry Unite 1.0.1 bundle 35 and earlier

You can read more about it on RIM’s website at these links:

Thanks to Josep for pointing out the knowledgebase articles!

3 total comments on this postSubmit your comment!