RIM BlackBerry Enterprise Server (BES) 4.1.6 Upgrade Addresses Critical PDF Flaw

Research In Motion (RIM) has released an upgrade to its BlackBerry Enterprise Server (BES) software that fixes a previously disclosed vulnerability and provides new e-mail and calendaring functionality for administrators and corporate smartphone users.

Research In Motion (RIM) on Thursday quietly released an upgrade to its BlackBerry Enterprise Server (BES) software, BES 4.1 service pack 6 (SP6), or BES v4.1.6, for Microsoft Exchange and Lotus Domino. The update follows a security advisory issued by RIM last week regarding a critical flaw in BES versions 4.1.3 through 4.1.5 that could enable hackers to hijack users' BES infrastructure.

More on BlackBerry

RIM to BlackBerry Administrators: Beware Critical BES Security Flaw

BlackBerry Enterprise Server (BES) 4.1 SP5 Hits the Web: What's in It for You

8 Tips to Help IT Reduce, Recover from BES and Exchange Server Downtime

BlackBerrys Taking Up More IT Support Time, Effort Than Any Other Mobile Devices??

According to RIM, the flaw in the BES BlackBerry Attachment Service's PDF distiller component, which prepares Adobe PDF files to be opened on BlackBerry handhelds, has been fixed in BES 4.1.6.

"In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue," according to a RIM spokesperson. "Note: The vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6."

In addition to fixing the flaw, which was ranked by RIM as a nine on a scale of one to 10 with 10 being the most serious, the upgrade also makes a handful of new features and functionality available to both corporate BlackBerry users and administrators.

For instance, BlackBerry users on BES 4.1.6 can now receive HTML and rich-content e-mail by default, as long as their devices are running handheld OS v4.5. (BlackBerry OS v4.5 is not yet officially available from U.S. carriers, though beta versions have been bouncing around the Web for some time and official versions are expected in the near future.) For more information on the potential effects of supporting full HTML e-mail in a corporate environment, visit the Documentation for Administrators section of RIM's site.

image of BES 4.1.6 Download Page
BES 4.1.6 Download Page

As part of BES 4.1.6, BlackBerry administrators now have new support for Microsoft Office Communications Server 2007 and IBM Lotus Sametime v8.0, as well as new naming conventions for the collaboration clients and a new BlackBerry calendar synchronization tool, among other enhancements.

BlackBerry administrators can download the upgrade from RIM's site, and additional information on BES 4.1.6 and its new functionality can be found in the software's release notes.

The last major BES upgrade, 4.1.5, was released only a few months ago in April.

FREE CIO BlackBerry Newsletter

Get better use out of your BlackBerry and keep up-to-date on the latest developments. Sign-up »

Copyright © 2008 IDG Communications, Inc.

The CIO Fall digital issue is here! Learn how CIO100 award-winning organizations are reimagining products and services for a new era of customer and employee engagement.