Research in Motion (RIM), the maker of the BlackBerry smartphone, has issued a security update fixing BlackBerry vulnerabilities affecting the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express.
The vulnerabilities, which have been given a high severity rating, would allow a hacker to execute code remotely on the server. The update affects the BlackBerry Mobile Data Service (MDS) Connection Service component, which processes images on webpages, and the BlackBerry Messaging Agent, which processes PNG and TIFF images for rendering on the BlackBerry smartphone.
RIM said an attacker could use the vulnerability to potentially gain access to other non-segmented parts of the network. To exploit the vulnerabilities in the MDS connection service, the attacker would need to create a specially crafted webpage and then persuade the user to click a link to visit the page. The attacker could provide the link to the user in an email or instant message.
To exploit these vulnerabilities in the BlackBerry Messaging Agent, the attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry user. The user would not need to click a link or an image, or view the email message, for the attack to succeed.
RIM suggests a short-term workaround for organisations