BlackBerry Fixes Vulnerabilities

Tuesday, February 19, 2013 @ 02:02 PM gHale

An update is available that fixes vulnerabilities in RIM’s BlackBerry Enterprise Server components that could allow an attacker to remotely execute arbitrary code.

In order to fix the issue, RIM released BlackBerry Enterprise Server 5.0.4 MR2.

According to the advisory published by the company, the security holes affect the components that process TIFF images for rendering on BlackBerry smartphones.

In some cases, the security holes could also allow the attacker to extend access to other parts of the network.

In order to exploit the vulnerabilities that affect the Mobile Data System’s Connection Service component, the attacker would have to create a malicious webpage and convince the victim to access it.

The flaws that affect the BlackBerry Messaging Agent or the BlackBerry Collaboration Service components are more dangerous because no user interaction is required for the attack to succeed. The attacker must simply attach a specially crafted TIFF image to an email or an instant message and send it to a BlackBerry smartphone.

“The user does not need to click a link or an image, or view the email message or instant message for the attack to succeed in this scenario,” the company said.

RIM is not aware of any attacks exploiting these vulnerabilities, but because they are of high severity, the company advises customers to update to the latest version to ensure full protection.

In addition to BlackBerry Enterprise Server 5.0.4 MR2, which applies to all supported versions of the product, RIM also released an interim security update.

The interim update addresses the vulnerabilities, but it doesn’t contain other changes found in the latest version of Enterprise Server.
