A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company’s Enterprise Server (BES), according to Research in Motion (RIM), which issued an alert and released a patch for the vulnerability last week via its Knowledge Base support site. BES, the software implicated by the vulnerability, helps companies deploy BlackBerry devices.
The high severity advisory involves the way the phone views Tagged Image File Format (TIFF) files, specifically the way the phone’s Mobile Data System Connection Service and Messaging Agent processes and renders the images.
An attacker could rig a TIFF image with malware and get a user to either view the image via a specially crafted website or send it to the user via email or instant message. The last two exploit vectors could make it so the user wouldn’t have to click the link or image, or view the email or instant message, for the attack to prove successful. Once executed, an attacker could access and execute code on Blackberry’s Enterprise Server. According to the advisory, an attacker could also “extend access to other non-segmented parts of the network,” depending on privileges.
While RIM notes that it isn’t aware of any attacks using the vulnerability currently targeting BES customers, it’s still encouraging them to update to the most recent version, 5.0.4 MR2 or apply an interim security update (.PDF) that fixes the TIFF vulnerability by subbing out the affected image.dll file and replacing it with a clean one.
The vulnerability sounds almost identical to one from 2011 that affected BES, along with other versions of BES for Exchange, Lotus Domino and Novell. That problem – which in addition to TIFF files, could also be exploited through malicious PNG files – appears to have been just as severe as last week’s. Since both vulnerabilities allowed remote arbitrary code execution, both were highly critical, with each receiving a Common Vulnerability Scoring System (CVSS) score of 10.0.