7/21/2008
Research in Motion Ltd., maker of the popular BlackBerry handset, on Friday issued a patch to plug a vulnerability in its BlackBerry Enterprise Server (BES) solution. The vulnerability could allow hackers to enter a network via a maliciously crafted PDF file.
The hotfix was distributed via a cluster of updates to BES systems. It's designed to remedy a bug in the PDF distiller function of BlackBerry's attachment mechanism, which enables users to open up documents from the mobile device.
The vulnerability enabled a remote code execution attack if the user opened corrupt Adobe or other PDF-type files.
Research in Motion's advisory recommends that network administrators working within a Windows enterprise environment update to BES Version 4.1, Service Pack 6 for Microsoft's Exchange Server.
Using the new patch is much safer than relying on workarounds, according to one network security expert reacting to the news. For instance, relying on updating the BlackBerry Unite software -- an application that can be loaded onto the handset to detect and clean potentially infected files -- isn't the best solution.
"It looks like they [Research in Motion] may have solved the problem for now by what they did [on Friday] because it's very tricky to sanitize these files on the client side," said Kevin Gillis, vice president of product management for Ipswitch, a network monitoring, file transfer and messaging software firm in Lexington, Mass. "It's much better to do it on the server side so that the carrier-class scanner is more effective in this case."
Gillis added that the bigger issue now for companies will be reacting to the downtime that may have been caused by putting a temporary moratorium on sending PDFs via the handset, as some enterprises may have done while awaiting the patch.
"You have people sending presentations, graphs and charts all the time over these phones and while the problem is serious enough to wipe out the devices' whole memory storage, I think this is a reminder of why disaster recovery solutions and best practices are important too," he said.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.