Blackberry advises blocking PDFs until flaw is fixed

By Dan Kaplan
Jul 17, 2008 10:13 AM
Tags: Blackberry | PDFs | flaw | vulnerability
A major vulnerability in the BlackBerry Attachment Service could result in a takedown of the enterprise server that supports the popular mobile devices.

The flaw -- which drew a severity score of 9 out of 10 -- could be exploited if attackers are able to trick a user into opening a malicious PDF file attachment as part of an email, according to a BlackBerry advisory.

If a user opens the specially crafted file, arbitrary code could execute and compromise the enterprise server running the BlackBerry Attachment Service.

That service is responsible for processing attachments for the devices.

As a result, Research in Motion, the smartphone's maker, is advising businesses to block the attachment service from processing PDF files.

"You can [do this] by editing the list of file format extensions that the [service] opens, and then preventing the PDF attachment distiller from running on the [service]," the BlackBerry advisory said.

The company has not issued a timeline for a fix.

But Dan Hoffman, chief technology officer at SMobile Systems, a mobile security firm, told SCMagazineUS.com on Wednesday that businesses should be proactive and install security solutions on their devices to help detect and block these kinds of threats.

"These devices are computers," Hoffman said. "They have the exact same functionality as a laptop or desktop computer. People wouldn't think about having their PC directly connected to the internet without anti-virus or a firewall."

But Sean Moshir, chief executive officer of mobile application developer CellTrust, said organizations should not worry because this vulnerability affects the server and is not device-specific.

"This is more of a job for the IT staff than the end-user being worried about," he told SCMagazineUS.com on Wednesday.

Hoffman said attacks targeting smartphones may already be happening in large numbers, but there is currently no way to track infection rates. Exploits will grow even more when cybercriminals decide the financial motivation is great enough to attack handhelds.

See original article on SC Magazine US

Secure Computing Magazine

 