Security vulnerability with PDF documents on BlackBerry Enterprise Server


Due to a security vulnerability associated with PDF documents on the BlackBerry Enterprise Server, McGill is disabling PDF support for BlackBerry users until there is a resolution provided by Research in Motion.

Service will be interrupted between 11:00 pm and 12:00 am tonight, July 17, while changes on the BlackBerry server are implemented.

“A security vulnerability in the PDF distiller of the BlackBerry Attachment Service could enable a malicious individual to use a specially crafted PDF file attachment in an email message to cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on. If a BlackBerry smartphone user on a BlackBerry Enterprise Server opens and views the specially crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer.”

For full details see the problem description on the BlackBerry website.