
BlackBerry warns vs hackable vulnerabilities


Smartphone maker BlackBerry has warned users of possible vulnerabilities in its Enterprise Server where certain image files may allow hackers to attack their devices. In a security advisory, BlackBerry said the vulnerabilities lie in the way the BlackBerry Enterprise Server components process images.

“Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages... These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity),” it said (http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244).

Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server, it said.

“Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network,” it said.

Affected by the vulnerability are:

    BlackBerry® Enterprise Server Express for IBM® Lotus® Domino®
    BlackBerry® Enterprise Server Express for Microsoft® Exchange
    BlackBerry® Enterprise Server for IBM® Lotus® Domino®
    BlackBerry® Enterprise Server for Microsoft® Exchange
    BlackBerry® Enterprise Server for Novell® GroupWise®

But BlackBerry said that to exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

Also, it said an attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry smartphone user. “The user does not need to click a link or an image, or view the email message, for the attack to succeed in this scenario,” it said. — TJD, GMA News