Home
Topics
Information security threat management
Email and instant messaging threat defenses
PDF distiller exploit lets hackers attack BlackBerry smartphones

Security Alert

PDF distiller exploit lets hackers attack BlackBerry smartphones

SearchSecurity.in Staff

US-CERT has issued a security advisory warning users against a security vulnerability in the PDF Distiller of the BlackBerry Attachment Service component for certain versions of the BlackBerry Enterprise

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Server. This security exploit allows an attacker to cause buffer overflow errors and execute arbitrary code on the system hosting the BlackBerry Attachment Service.

The attacker launches an attack by luring the victim to open a specially created PDF file on his BlackBerry smartphone which is associated with the user’s account on the BlackBerry Enterprise server. The PDF file is sent either as an e-mail attachment or as a file download link.

Research In Motion (RIM) has also issued a security advisory describing the problem in detail, and issued an update to rectify the vulnerability. A similar security issue for the PDF distiller for BlackBerry was discovered last year.

Related Topics: Email and instant messaging threat defenses, Hacking countermeasures, VIEW ALL TOPICS

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- crimeware kit (attack kit)
- knowledge process outsourcing (KPO)

More from Related TechTarget Sites

CIO
Data Center
Business Intelligence
Security
SMB Security
Financial Security

CIO
- Enterprise BYOD offers mixed bag for enterprise endpoint security
  
  A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
- Reclaiming the role of the CIO
  
  It has become fashionable to question the value of the role of CIO, but much of this discourse is both self-serving and without foundation
- Forrester CXi shows CIOs key to improving customer experience
  
  Companies that excel at customer experience work hand in glove with CIOs and IT, according to the Forrester 2013 Customer Experience Index.
Data Center
- Public cloud adoption accelerates in India
  
  Indian businesses will spend 24.54 billion INR on public cloud services this year to lower costs and increase business flexibility
- IBM gets real about being a cloud provider
  
  In this week's Searchlight: IBM puts billions into being a public cloud provider, science thumbs its nose at Verizon, keeping cloud honest and more.
- Microsoft updates its hybrid cloud with Windows Server 2012 R2
  
  To encourage developers to build hybrid cloud applications, Microsoft is offering up to $150 per month of Azure services to people running Visual Studio
searchBusinessIntelligenceIN
- In-memory applications take on big data analytics challenge
  
  In-memory tools and big data can be a potent analytics mix. But before you put them together, read advice from experienced users and consultants.
- In-memory big data analytics systems need solid IT foundation
  
  Using in-memory tools to analyze pools of big data raises system design, scalability and data integration issues that must be addressed up front.
- Aadhaar project data collection: An interview with Mindtree's CEO
  
  Get a view into the data collection efforts for the Aadhaar project from Krishnakumar Natarajan, the CEO at service provider Mindtree.
Security
- Users may remain vulnerable despite Oracle Java patch release
  
  Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- Gary McGraw: NSA data collection programs demand discussion, scrutiny
  
  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- Enterprise BYOD offers mixed bag for enterprise endpoint security
  
  A Gartner analyst says enterprise BYOD -- specifically iOS and Android devices -- presents many pros and cons for enterprise endpoint security.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- PayPal CISO: Laws must foster better cybersecurity information sharing
  
  PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security.
- Cybergang plans to use Trojan against U.S. banks
  
  A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.
- Improved Shylock Trojan targets banking users
  
  The latest variant of the banking Trojan is causing numerous problems, Symantec said.

All Rights Reserved,Copyright 2009 - 2013, TechTarget