BlackBerry is urging BlackBerry Enterprise Server (BES) customers to apply an update which fixes two flaws, one of which can be exploited by merely sending a BlackBerry smartphone an email with a malicious embedded TIFF.
The flaws, detailed in an advisory last week, are found in the way two BES services process TIFF files for rendering on BlackBerry smartphones. BlackBerry Mobile Data System (MDS) Connection Service processes TIFF files on web pages, while BlackBerry Messaging Agent processes images in email messages. Both are vulnerable to attacks using malicious TIFF files.
"These vulnerabilities could allow an attacker to execute arbitrary code using the privileges of the BlackBerry Enterprise Server login account," BlackBerry said in the advisory.
To exploit the TIFF flaw in MDS, an attacker would need to trick a BlackBerry user into clicking a link to a malicious web page, while an attack on BlackBerry Messaging Agent could be achieved merely by sending a BlackBerry user a malicious embedded TIFF by email or instant message.
"The user does not need to click a link or an image, or view the email message or instant message for the attack to succeed in this scenario," BlackBerry said of the Messaging Agent flaw.
The flaws affect BES Express version 5.0.4 for Microsoft Exchange and IBM Lotus Domino and BES version 5.0.4 and earlier for Exchange, Domino and Novell Groupwise.
The company has given the vulnerabilities a critical rating and urged BES administrators to either apply an update taking BES to version 5.0.4 MR2 or install an interim security update. RIM said it was not aware of any attacks targeting BES customers.