Critical security flaws found in Blackberry enterprise apps


Research in Motion (RIM) has warned of critical security flaws found in some versions of its Blackberry Enterprise Server software.

The vulnerabilities, which RIM says have a score of Common Vulnerability Scoring System (CVSS)  score of 9.3 out of 10, could allow cybercriminals to execute malicious code via malformed PDF files.

“Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service,” RIM said in an advisory.

“These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file, which... could cause memory corruption and possibly arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.”

The flaws effect users of BlackBerry Enterprise Server software versions 4.1 through 5, as well as the Professional Software 4.1 service pack 4.

RIM has already released a patch and an interim security update