Patch released for malicious BlackBerry PDF vulnerability

Filed Under: Data loss, Mobile

Research in Motion (RIM) has issued a patch which reportedly fixes multiple vulnerabilities in the way the BlackBerry Attachment Service handles Adobe Acrobat PDF files.

According to a security advisory issued by the firm, hackers could send email message with an attached PDF file that, when opened by a BlackBerry mobile user, could cause code to be launched on the computer that hosts the BlackBerry Attachment Service.

RIM has advised customers who wish to protect themselves from the possibility of attack while they are waiting to roll-out the patch to remove PDF files from the list of allowed extensions as a stop-gap measure.

However, as PDFs are so widely used and shared in business, it seems unlikely that many companies will find that an acceptable solution for very long.

We aren't yet aware of any hackers actively exploiting this vulnerability.

Lets hope it stays that way.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley