Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

Looks like there has been another vulnerability discovered in the BlackBerry Enterprise Server PDF distiller of the BlackBerry Attachment Service. This vulnerability scores 7.8 on the CVSS scale, so it is a high-risk vulnerability. You should apply the patch to your BES server ASAP.

See http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761 for the details from RIM.

If you haven’t already done so, you really should run the attachment service in a segmented network in order to prevent the spread of malware. The PDF distiller has required quite a few patches in the past few years and is, in my opinion, the weakest point in the whole BES architecture. See the BlackBerry technical notes on how to achieve segmentation here.

Safe boot trick for BlackBerry

I just learned of a nice trick for BlackBerry.

Just like safe mode in Windows XP, you can boot your BlackBerry into safe mode where it will not automatically load any third-party application. This can be useful for situations where you have something that is making your BlackBerry unstable.

This works with a battery pull or with the hard reset key combination (Alt-left-shift-del). Right after the red light goes off, press and hold the escape key until the boot is complete. You will know that you are in safe mode because it will say “safe mode” in the top-middle of the screen. This works on my BlackBerry Bold.