BlackBerry TIFF Vulnerability Could Allow Access To Enterprise Server 41
Trailrunner7 writes "A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company's Enterprise Server (BES), according to BlackBerry, which issued an alert and released a patch for the vulnerability last week via its Knowledge Base support site. BES, the software implicated by the vulnerability, helps companies deploy BlackBerry devices. The high severity advisory involves the way the phone views Tagged Image File Format (TIFF) files, specifically the way the phone's Mobile Data System Connection Service and Messaging Agent processes and renders the images. An attacker could rig a TIFF image with malware and get a user to either view the image via a specially crafted website or send it to the user via email or instant message. The last two exploit vectors could make it so the user wouldn't have to click the link or image, or view the email or instant message, for the attack to prove successful. Once executed, an attacker could access and execute code on Blackberry's Enterprise Server."
Re:TIFF with Malware? (Score:3, Informative)
Code has to run to display the image - all you need to do is format the data in a way such that the code which deals with it will end up overwriting parts of itself and then you can run whatever you want. It's very specific to a particular decoder on a particular device.
TFA and summary are incorrect (Score:5, Informative)
Unsurprisingly, the summary and TFA get it wrong. The vulnerability is not in devices. "Messaging Agent" and "MDS Connection Service" are server side components - the vulnerability is there, and not on the phone.
The phone can trigger them because web browsing on a BES-connected device goes through the MDS connection service, so a properly crafted web page can compromise the the MDS service on the server.
Similarly, sending an email will get routed through messaging agent - which is why a crafted email can trigger this without the email being opened on the client device.
Re:Good news, we're all safe (Score:5, Informative)
Re:Good news, we're all safe (Score:1, Informative)