Out-Law News | 05 Jan 2006 | 5:34 pm | 1 min. read
The flaw relates to the way in which the BlackBerry attachment service handles images created by Tagged Image File Format (TIFF) files. According to RIM, if a BlackBerry user opened an email attachment containing a specially configured TIFF file, malicious code in the file could stop the attachment service working.
No other BlackBerry services would be affected.
As with email accessed on a computer, customers have been urged not to open any unsolicited or suspicious email attachments through their BlackBerry. The company has developed a patch for the vulnerability, and will release this as soon as it has completed testing.
Until then, RIM suggests that users either disable the attachment service or exclude TIFF images from processing.
The vulnerability was highlighted at the 22nd Chaos Communication Congress in Berlin last week, during a presentation by “FX” of Phenoelit that also raised two other BlackBerry-related issues.
The first relates to an internal threat that could result in a denial of service. There is no patch yet available to counter this flaw – it is currently undergoing testing – but RIM suggests that customers should ensure that a properly configured firewall is in place to protect the BlackBerry server and router.
The second flaw could also result in a denial of service, but would be caused by the downloading of a malicious Java Application Description (JAD) file. As the name suggests, such a file describes Java applications, such as icons and platform requirements, to the BlackBerry handheld.
There is a patch for this vulnerability.
Elsewhere, RIM announced on Friday that it had received a boost in its bitter patent dispute with patent holding company NTP Inc, after the US Patents and Trademarks Office (USPTO) issued preliminary rejections of two of the patent claims under dispute. To date, the USPTO has rejected seven of the eight claims subject to litigation, although the re-examination process being carried out by the agency is still in its earliest stages.
RIM still faces the prospect of a court-imposed ban, preventing it from selling, or even running, BlackBerry devices in the US.