BlackBerry has recently issued a warning that enterprise servers could be remotely accessed when they process images in TIFF format. Attackers would need to craft a specific web page and get someone with sufficient privileges to click on a link to that page on their BlackBerry. Alternatively, attackers could send an e-mail or an instant message containing such an image, and the recipient wouldn't even have to answer it in order for the exploit to work. Here's a snippet from the recently released knowledge base article:
Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.
We've seen these kinds of security vulnerability warnings issued before, and generally when they're this high on the severity scale, they get taken care of pretty quickly. In fact, a software patch is already in place to fix this TIFF vulnerability - admins just have to update their servers to version 5.0.4 MR2 or download an interim release.
So end users, so long as your IT dude is competent and keeping the BES software up to date, you really don't have anything to worry about.