Sunday, July 20, 2008

A Blackberry patch worth picking up

RIM released a patch for their Blackberry Enterprise Server software on Friday that addresses a significant security hole. The patch adds server-side screening for a specific vulnerability in PDF files that can expose the BES server to malicious code running in the context of the BES service account, which has full access to the mail store. That’s pretty bad. The workaround was to block PDF files from being delivered to the handheld devices, which also wasn’t a particularly pleasant solution. If you’re running a BES server, an upgrade to v4.1.6 should go into your next patch window.

And while we’re talking about Blackberry and security, remember that there is more to it than just the software. Even with a password on the device, the content isn’t encrypted, so when a high-ranking government aide gets hit on at a hotel disco in Shanghai, disappears with the woman and wakes up the next morning without the device, you’d better hope that the remote wipe functionality is still working. Whoopsie.
