RIM finds security flaw in BlackBerry Enterprise Server
RIM has issued a security warning to BES admins about a problem with the BlackBerry Attachment Service and PDF files. The flaw apparently allows would-be hackers to execute malicious code with a specially crafted PDF file. The Waterloo messaging behemoth has listed BES versions 4.1 SP3 through 4.1 SP5, and BlackBerry Unite! as affected and rated the severity as 9 out of a possible 10 -- with 10 being the highest level of fail. Thankfully a workaround is available on RIM's site involving disabling the processing of PDF files until RIM can issue a fix for the misery. Hit the read link for the dirty details. [Via PCWorld]

Reader Comments (Page 1 of 1)
Alberto @ Jul 27th 2008 11:55PM
My understanding is that RIM already has an update available that remedies the security flaw.
SuperSexyErik (^_^) @ Jul 28th 2008 12:16AM
and this is why we need a locked down OS.
wish somebody would make a fully functional OS without viruses.. oh we have that, welcome iphone :)
Derek @ Jul 28th 2008 12:52AM
Dude, STFU!
Will someone PLEASE ban this annoying asshole?
PPC @ Jul 28th 2008 1:47AM
Fully functional? What about copy/paste?
SuperSexyErik (^_^) @ Jul 28th 2008 2:33AM
copy/paste? It will be included in a free update sometime this week.
So what now? Anything else?
Mark Jenkins @ Jul 28th 2008 10:34AM
Erik, until it is in our hands, it doesn't exist. I'm sure you would pay everyone else the same courtesy if they mentioned an upcoming RIM feature.
snowenloe @ Jul 28th 2008 10:15AM
Ha! I knew your dumb 16 year old ass would be here trolling for any reason to say something great about the iPhone. Shut the fuck up, get a life and get to school you moron. Nice Myspace picture. HA HA HA HA HA HA HA
Dave @ Jul 28th 2008 10:29AM
Wow SuperSexyErik is like the reincarnation of clak. How sad.
Just another Apple fanboy living in another dimension.
SuperSexyErik (^_^) @ Jul 28th 2008 12:04PM
sounds like some people can't stand that apple is putting rimm out of business ;)
It's ok, you can still use others...no... Palm sucks, winmo sucks.. Ouch you guys are stuck :(
I'm 18 in two weeks btw :)
retro77 @ Jul 28th 2008 1:18PM
You understand that BES is not an OS?
Dave @ Jul 28th 2008 9:53PM
I got an idea, SuperSexyErik, how about if Apple doesn't release that copy/paste update sometime next week you never post on engadget or engadget mobile again?
michael @ Jul 28th 2008 12:44AM
This has been fixed for at least a week and a half.
Richard @ Aug 4th 2008 4:09PM
..and was announced over a week ago to boot :)
Dan @ Jul 28th 2008 10:14AM
Erik-
The iPhone is a consumer product. Period.
First off this is on the BES - not the OS. If your iPhone IT folks are running Exchange or the same email server. This has NOTHING to do with the device OS itself.
Unlike any BlackBerry Handheld OS issues, might I point out this article:
iPhone Mail bug adds phishing danger
Be careful around the net
By John Leyden • Thursday 24 Jul 2008 14:47
Flaws in the Mail and Safari applications bundled with the iPhone leave users of the device at greater risk of phishing attacks. A URL-spoofing vulnerability means that a dodgy domain pointed to by a specially crafted URL can appear to be that of a trusted brand when viewed through the iPhone's mail or Safari browser … http://www.theregister.co.uk/2008/07/24/iphone_mail_phish_vuln/
Listen, with all due respect, if a device does not even have cut and paste function or true GPS functionality (turn by turn and GPS tracking) it is certainly not even on the same page as a BlackBerry, a battery that can be easily replaced, microSD for expanded storage.
Any company that allows an iPhone in their environment is a fool. Give it a couple years to mature and then perhaps - but as of today - this is like comparing a Ford Pinto to an Armored Vehicle.
- Not secure end-to-end
- No IT Policy Management (BES with Exchange vs. Exchange alone)
- iPhone is not FIPS-140-2 (or other body) certified.
-
snowenloe @ Jul 28th 2008 10:20AM
Agreed.
retro77 @ Jul 28th 2008 1:21PM
I agree with everything except this part:
"...with all due respect..."
SuperSexyErik (^_^) @ Jul 28th 2008 3:56PM
1) copy/paste+gps next update
2) wtf? none of that is true
3) you act as if apple is trying to lose. they know what they are doing and will put rimm out of business.
im sorry, i really am, i know you love your blackberry, but it cant stand up to iphone..
chickenator @ Jul 28th 2008 1:48PM
nyum nyum!
Dan @ Jul 29th 2008 4:45AM
Hey whatever is the best solution. I'm always open to the best of breed.
The iPhone may have potential someday but right now it's just not there. I never ever run into the iPhone in any of my accounts.
Also not mentioned....
> Cannot push new apps to the iPhone
> Cannot restrict which apps are installed on the iPhone (see the phishing story above- perfect case in point).
I admit to having an iPod Touch and love it. There is no doubt it is very cool. But for any company that knows what they are doing - the iPod is a gadget and the BlackBerry is a business tool.