BlackBerry-maker RIM has issued a fix for another PDF-related security flaw in its BlackBerry Enterprise Server (BES), v5.0.2, for Exchange and Lotus Domino. Research In Motion yesterday released an “interim security update” for BlackBerry Enterprise Server (BES) 5.0 Service Pack 2 (SP2) for Microsoft Exchange and IBM Lotus Domino due to a vulnerability that could potentially allow a hacker or other malicious person access to organizations’ BES infrastructure. That flaw could also be used to execute Denial of Service (DoS) attacks, according to the BlackBerry-maker. And it affects not just the full version of BES, but the free BES Express, as well. BlackBerry Enterprise Server (BES) Diagram And the BES security flaw is currently ranked 7.6, or “high severity,” on a Common Vulnerability Scoring System (CVSS) scale of 0 to 10, with 10 representing the most critical flaws. From RIM: SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe “The vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. “Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.” The BES 5.0.2 flaw is related to the BlackBerry Attachment Service’s PDF distiller component, and it’s not the first time RIM has had to issues patches and security advisories due to problems with the PDF distiller. In fact, RIM issued at least three different PDF-distiller-related security updates since the summer of 2008. (Find information on those previous BES security flaws here, here and here.) RIM advises BES administrators to update their BES 5.0.2 software for Exchange and Lotus Domino immediately, but to do so with caution, since performing the update process wrong can lead to additional issues. Find specifics on the BES flaw and the associated update process at RIM’s BlackBerry Technical Solution Center. And download the BES security patch for Exchange and Lotus Domino here. AS Via @banthon Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline. Email Al at ASacco@CIO.com. Related content brandpost Zero Trust: Understanding the US government’s requirements for enhanced cybersecurity By Jaye Tillson, Field CTO at HPE Aruba Networking Sep 26, 2023 4 mins Zero Trust feature SAP prepares to add Joule generative AI copilot across its apps Like Salesforce and ServiceNow, SAP is promising to embed an AI copilot throughout its applications, but planning a more gradual roll-out than some competitors. By Peter Sayer Sep 26, 2023 5 mins CIO SAP Generative AI brandpost Mitigating mayhem in a complex hybrid IT world How to build a resilient enterprise in the face of unexpected (and expected) IT mayhem moments. By Greg Lotko, Senior Vice President and General Manager, Mainframe Software Division Sep 26, 2023 7 mins Hybrid Cloud brandpost How AI can deliver eye-opening insights for IT AIOps can leverage machine learning to provide a robust set of proactive predictive analytics capabilities for a wide range of infrastructure. By Carol Wilder, VP of Product Management, Dell Technologies Sep 26, 2023 6 mins Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe