BlackBerry has recently issued a warning that enterprise servers could be remotely accessed when they process images in TIFF format. Attackers would need to craft a specific web page and get someone with sufficient privileges to click on a link to that page on their BlackBerry. Alternatively, they could send an e-mail or an instant message containing such an image, and the recipient wouldn’t even have to respond to it for the exploit to work. Here’s a snippet from the recently released knowledge base article…
Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.
We’ve seen these kinds of security vulnerability warnings issued before, and generally when they’re this high on the severity scale, they get taken care of pretty quickly. In fact, a software patch is already in place to fix this TIFF vulnerability – admins just have to update their servers to version 5.0.4 MR2 or download an interim release.
So, end users: as long as your IT dude is competent and keeps the BES software up to date, you really don’t have anything to worry about.
FEB 2013