BlackBerry Enterprise Server malicious TIFF attack discovered

BlackBerry has released a fix for a flaw that can be exploited without any user interaction.

BlackBerry is urging BlackBerry Enterprise Server (BES) customers to apply an update which fixes two flaws, one of which can be exploited by merely sending a BlackBerry smartphone an email with a malicious embedded TIFF.


The flaws, detailed in an advisory last week, are found in the way two BES services process TIFF files for rendering on BlackBerry smartphones. BlackBerry Mobile Data System (MDS) Connection Service processes TIFF files on web pages, while BlackBerry Messaging Agent processes images in email messages. Both are vulnerable to attacks using malicious TIFF files.

"These vulnerabilities could allow an attacker to execute arbitrary code using the privileges of the BlackBerry Enterprise Server login account," BlackBerry said in the advisory.

To exploit the TIFF flaw in MDS, an attacker would need to trick a BlackBerry user into clicking a link to a malicious web page, while an attack on BlackBerry Messaging Agent could be achieved merely by sending a BlackBerry user a malicious embedded TIFF by email or instant message.

"The user does not need to click a link or an image, or view the email message or instant message for the attack to succeed in this scenario," BlackBerry said of the Messaging Agent flaw.

The flaws affect BES Express version 5.0.4 for Microsoft Exchange and IBM Lotus Domino, and BES version 5.0.4 and earlier for Exchange, Domino and Novell GroupWise.

The company has given the vulnerabilities a critical rating and urged BES administrators to either apply an update taking BES to version 5.0.4 MR2 or install an interim security update. RIM said it was not aware of any attacks targeting BES customers.