Forgot your password?

PDF Distiller Vulnerability In BES & Unite

I got an email about this vulnerability and thought I would mention it. Now we know why Unite was quietly upgraded to 1.0.1 bundle 36+ recently. RIM was nice enough to report the vulnerability details.

Turns out that there is a vulnerability in the Unite and BES PDF distiller in the BlackBerry attachment service that converts PDF files for viewing on your BlackBerry. If you open the wrong kind of PDF it can execute code on your system which is very bad. This vulnerability gets a Common Vulnerability Scoring System (CVSS) score of 9.0 which is pretty serious.

Right now Unite has a fix by autoupdating but BES users are out of luck. BES admins are encouraged to disable the PDF functionality following the instructions linked to below.

Systems effected:

  • BES 4.1 service pack 3 (4.1.3) through service pack 5 (4.1.5)
    • Currently RIM is stating: This issue has been escalated internally to our development team. No resolution time frame is currently available.
  • BlackBerry Unite 1.0.1 bundle 35 and earlier

You can read more about it on RIM’s website at these links:

Thanks to Josep for pointing out the knowledgebase articles!

3 total comments on this postSubmit your comment!
  1. My Unite! has not updated itself from 35 to 36+. How do I kick off this upgrade or download it myself?

  2. Hey!
    I got a question for you about this vulnerability. Today a receive from Windows Live Messenger a PDF file, then appear a message about PDF Distiller ask for authorization about transfering a PDF file.
    So… This vulnerability could be available to make some virus for Blackberry OS?

  3. @Dario
    It could be used to run malicious code on the BES server from what I understand. Not a good thing…

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC