Research in Motion, the company behind the now practically ubiquitous BlackBerry range, has warned its users of a vulnerability discovered in its PDF software that poses a fairly pronounced security risk.
According to the folks at RIM, there are already maliciously coded PDFs floating around designed specifically to allow the viewer’s device to be controlled remotely by the source of the dodgy document. RIM’s official word on the topic has been to advise its users to download and install the relevant patch, which should shore up the various holes in RIM’s PDF viewer that allow the current exploit to run.
Perhaps most worrying about the whole affair isn’t that BlackBerries are vulnerable to hijacking from a remote source sending a PDF, but that so wide a range of BlackBerries is susceptible. Anyone with a BlackBerry who is at all worried about the security vulnerability would do well to check out RIM’s own page on the bug, which lists the issue as having a threat level of 9.3 out of 10 on the CVSS scale.
According to RIM’s own piece on the exploit,
“Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to a Denial of Service (DoS) condition or arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.”
It’s some fairly scary stuff, for companies running multiple BlackBerries at least. If nothing else it lends an awful lot of credence to last week’s report that more and more smartphones would be coming under fire from more and more malware in the coming year.