BlackBerry fixes PDF security vulnerability

Research in Motion last week quietly released an upgrade to its BlackBerry Enterprise Server (BES) software, BES 4.1 service pack 6 (SP6), or BES v4.1.6, for Microsoft Exchange and Lotus Domino.

Share

Research in Motion last week quietly released an upgrade to its BlackBerry Enterprise Server (BES) software, BES 4.1 service pack 6 (SP6), or BES v4.1.6, for Microsoft Exchange and Lotus Domino.

The update follows a security advisory issued by RIM regarding a critical flaw in BES versions 4.1.3 through to 4.1.5 that could enable hackers to hijack users' BES infrastructure.

According to RIM, the flaw in the BES BlackBerry Attachment Service's PDF distiller component, which prepares Adobe PDF files to be opened on BlackBerry handhelds, has been fixed in BES 4.1.6.

"In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue," according to a RIM spokesperson. "Note: The vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6."

In addition to fixing the flaw, which was ranked by RIM as a nine on a scale of one to 10 with 10 being the most serious, the upgrade also makes a handful of new features and functionality available to both corporate BlackBerry users and administrators.

For instance, BlackBerry users on BES 4.1.6 can now receive HTML and rich-content e-mail by default, as long as their devices are running handheld OS v4.5. (BlackBerry OS v4.5 is not yet officially available from US carriers, though beta versions have been bouncing around the Web for some time and official versions are expected in the near future.) For more information on the potential effects of supporting full HTML e-mail in a corporate environment, visit the the Documentation for Administrators section of RIM's site.

As part of BES 4.1.6, BlackBerry administrators now have new support for Microsoft Office Communications Server 2007 and IBM Lotus Sametime v8.0, as well as new naming conventions for the collaboration clients and a new BlackBerry calendar synchronization tool, among other enhancements.

BlackBerry administrators can download the upgrade from RIM's site, and additional information on BES 4.1.6 and its new functionality can be found in the software's release notes.

The last major BES upgrade, 4.1.5, was released only a few months ago in April.

"Recommended For You"

Blackberry PDF vulnerability gets patched RIM releases BlackBerry update