
RIM Warns Of BlackBerry PDF Flaw

By Stefanie Hoffman, CRN, May 28, 2009

Research In Motion (RIM) warned BlackBerry users of several vulnerabilities occurring in the way the device handles malformed PDF files that could pave the way for remote hackers to launch malicious attacks.

Specifically, the RIM advisory warns that multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service.

If exploited, the vulnerabilities could allow an attacker to send an e-mail message containing a malicious PDF file attachment. The infected PDF could then cause memory corruption errors and possibly lead to malicious code execution once a user opened the file on a BlackBerry smartphone. The attacker subsequently could use malware to access and steal the information stored on the user's BlackBerry.

The vulnerabilities affect BlackBerry Enterprise Server version 5.0, BlackBerry Enterprise Server version 4.1x and BlackBerry Professional Software. RIM issued an interim software update, available for free download at the company's Web site, that resolves the vulnerabilities in the affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software.

Until users apply the interim patch, RIM recommends that users edit the list of file format extensions that the BlackBerry Attachment Service opens to disable PDF file processing on the BlackBerry as a workaround.

Meanwhile, the U.S. Computer Emergency Readiness Team, the federal agency that provides response, support and defense against cyberattacks for the U.S. government, also issued a warning advising users to apply the available patches and workarounds for the BlackBerry PDF flaw in order to prevent an attack.

In general, security experts advise that BlackBerry and other mobile device users -- as with laptops and desktops -- refrain from opening PDF and other file attachments from unknown or untrusted sources.

