Patch released for malicious BlackBerry PDF vulnerability

Image (1) blackberry.gif for post 13339

Research in Motion (RIM) has issued a patch which reportedly fixes multiple vulnerabilities in the way the BlackBerry Attachment Service handles Adobe Acrobat PDF files.

According to a security advisory issued by the firm, hackers could send email message with an attached PDF file that, when opened by a BlackBerry mobile user, could cause code to be launched on the computer that hosts the BlackBerry Attachment Service.

RIM has advised customers who wish to protect themselves from the possibility of attack while they are waiting to roll-out the patch to remove PDF files from the list of allowed extensions as a stop-gap measure.

However, as PDFs are so widely used and shared in business, it seems unlikely that many companies will find that an acceptable solution for very long.

We aren’t yet aware of any hackers actively exploiting this vulnerability.

Lets hope it stays that way.