Research in Motion Issues Fix for Blackberry PDF Bug

7/21/2008

Research in Motion Ltd., maker of the popular BlackBerry handset, on Friday issued a patch to plug a vulnerability in its BlackBerry Enterprise Server (BES) solution. The vulnerability could allow hackers to enter into a network via a maliciously crafted PDF file.

The hotfix was distributed via a cluster of updates to BES systems. It's designed to remedy a bug in the PDF distiller function of BlackBerry's attachment mechanism, which enables users to open up documents from the mobile device.

The flaw allowed a remote code execution attack if a user opened a corrupt Adobe or other PDF-type file.

Research in Motion's advisory proposes that network administrators working within a Windows enterprise environment update to BES Version 4.1, Service Pack 6 for Microsoft's Exchange Server.

Using the new patch is much safer than relying on workarounds, according to one network security expert reacting to the news. For instance, relying on updating the BlackBerry Unite software -- an application that can be loaded onto the handset to detect and clean potentially infected files -- isn't the best solution.

"It looks like they [Research in Motion] may have solved the problem for now by what they did [on Friday] because it's very tricky to sanitize these files on the client side," said Kevin Gillis, vice president of product management for Ipswitch, a network monitoring, file transfer and messaging software firm in Lexington, Mass. "It's much better to do it on the server side so that the carrier-class scanner is more effective in this case."

Gillis added that the bigger issue now for companies will be reacting to the downtime that may have been caused by putting a temporary moratorium on sending PDFs via the handset, as some enterprises may have done while awaiting the patch.

"You have people sending presentations, graphs and charts all the time over these phones and while the problem is serious enough to wipe out the devices' whole memory storage, I think this is a reminder of why disaster recovery solutions and best practices are important too," he said.


Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.

Cite this Site

Jabulani Leffall, "Research in Motion Issues Fix for Blackberry PDF Bug," Campus Technology, 7/21/2008, http://www.campustechnology.com/article.aspx?aid=65589



