Patch released for malicious BlackBerry PDF vulnerability


Research in Motion (RIM) has issued a patch which reportedly fixes multiple vulnerabilities in the way the BlackBerry Attachment Service handles Adobe Acrobat PDF files.

According to a security advisory issued by the firm, hackers could send an email message with an attached PDF file that, when opened by a BlackBerry mobile user, could cause code to be launched on the computer that hosts the BlackBerry Attachment Service.

As a stop-gap measure, RIM has advised customers who wish to protect themselves from the possibility of attack while they wait to roll out the patch to remove PDF files from the list of allowed extensions.

However, as PDFs are so widely used and shared in business, it seems unlikely that many companies will find that an acceptable solution for very long.

We aren't yet aware of any hackers actively exploiting this vulnerability.

Let's hope it stays that way.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.