RIM issues fix for BlackBerry vulnerabilities

Ron Condon

Research in Motion (RIM), the maker of the BlackBerry smartphone, has issued a security update fixing BlackBerry vulnerabilities affecting the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express.

The vulnerabilities, which have been given a high severity rating, would allow a hacker to execute remote code on the server. The update affects the BlackBerry Mobile Data Service (MDS) Connection Service component, which processes images on webpages, and the BlackBerry Messaging Agent, which processes PNG and TIFF images for rendering on the BlackBerry smartphone.

RIM said an attacker could use the vulnerability to potentially gain access to other non-segmented parts of the network. To exploit the vulnerabilities in the MDS connection service, the attacker would need to create a specially crafted webpage and then persuade the user to click a link to visit the page. The attacker could provide the link to the user in an email or instant message.

To exploit these vulnerabilities in the BlackBerry Messaging Agent, the attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry user. The user would not need to click a link or an image, or view the email message, for the attack to succeed.

As a short-term workaround, RIM suggests that organisations disable inline images and rich content for BlackBerry smartphone users.
