RIM issues fix for BlackBerry vulnerabilities

A bug in the BlackBerry Mobile Data Service (MDS) Connection Service component can be used to potentially gain network access.

Research in Motion (RIM), the maker of the BlackBerry smartphone, has issued a security update fixing BlackBerry vulnerabilities affecting the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express.

The vulnerabilities, which have been given a high severity rating, would allow a hacker to execute remote code on the server. The update affects the BlackBerry Mobile Data Service (MDS) Connection Service component, which processes images on webpages, and the BlackBerry Messaging Agent, which processes PNG and TIFF images for rendering on the BlackBerry smartphone.

RIM said an attacker could use the vulnerability to potentially gain access to other non-segmented parts of the network. To exploit the vulnerabilities in the MDS connection service, the attacker would need to create a specially crafted webpage and then persuade the user to click a link to visit the page. The attacker could provide the link to the user in an email or instant message.

To exploit these vulnerabilities in the BlackBerry Messaging Agent, the attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry user. The user would not need to click a link or an image, or view the email message, for the attack to succeed.

RIM suggests a short-term workaround for organisations to disable inline images and rich content for BlackBerry smartphone users.

Dig deeper on Smartphone and PDA Viruses and Threats-Setup and Tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close