The saga continues. RIM has yet again patched a PDF vulnerability in BlackBerry Enterprise Server. This is the 5th one since July 10th 2008. Makes me wonder what RIM is thinking… This new PDF vulnerability is found in all BES versions from 4.1.3 all the way until the recently released BES 5.0 Service Pack 1. RIM also released another fix for users contacts disappearing after upgrading to BES 5.0 SP1.
You can find the details about the latest PDF patch at this link
"Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server."
As a point of reference here are the last few PDF vulnerabilities including the latest:
- Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (May 26, 2009)
- Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (April 16, 2009)
- Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (January 12, 2009)
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (July 10, 2008)
via CIO.com
