Aug 12, 2011 12:22 GMT

Research In Motion (RIM) has patched several vulnerabilities in its BlackBerry Enterprise Server (BES) software that could allow remote attackers to take control of affected servers.

The five flaws are located in the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent, two server-side components of BES, and stem from the way these services process PNG and TIFF images before delivering them for rendering on BlackBerry smartphones. Because the image processing happens on the server, a malicious image compromises the BES host itself rather than the handset.

Attackers have several vectors available. To exploit the flaws in the MDS Connection Service, they can trick BlackBerry users into browsing to a maliciously crafted web page from their devices; the MDS Connection Service fetches and processes the page's images on the server on the device's behalf.

Such links are easily distributed by email or instant message. Following successful exploitation, attackers could move deeper into the corporate network, especially if the BES services run under a highly privileged account.

To exploit the vulnerabilities in the BlackBerry Messaging Agent, attackers can embed specially crafted PNG or TIFF images in email messages sent to BES users. Users do not even have to open the messages for the attack to succeed, since the Messaging Agent processes the images when the mail arrives, regardless of user action.

All of the patched vulnerabilities carry a score of 10 on the Common Vulnerability Scoring System (CVSS v2) scale, the maximum severity a vulnerability can have.

BES administrators are urged to deploy the available patches as soon as possible given the potential impact of these attacks. Administrators who cannot patch yet can temporarily mitigate the issues by implementing IT policy rules that disable the display of inline images and rich content on devices; this is a workaround that reduces exposure, not a fix, and patching should follow as soon as change windows allow.
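A second stopgap that follows from the email-borne vector described above, although the article does not mention it, is to stop PNG and TIFF image parts at the mail gateway before they reach a BES-managed mailbox at all. The Python script below is an added example written for this page; it is not RIM's code and is not taken from the advisory. It identifies risky parts by file signature as well as by declared MIME type, because an attachment labelled application/octet-stream can still contain a TIFF, and replaces each one with a plain-text placeholder. The gateway integration point, the placeholder wording and the sample message are assumptions made for the illustration.

```python
"""Gateway-side interim mitigation: strip PNG/TIFF image parts from inbound
mail before it reaches a BES-managed mailbox.  Added example, not RIM's code."""
import email
from email import policy
from email.message import EmailMessage
from typing import Optional

# File signatures of the two image formats the advisory covers.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")   # little-endian and big-endian TIFF
RISKY_TYPES = {"image/png", "image/tiff"}

PLACEHOLDER = "[image removed at gateway pending BES patch]"   # assumed wording


def sniff_image(data: bytes) -> Optional[str]:
    """Identify PNG/TIFF from the bytes themselves, ignoring the declared type."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(TIFF_MAGICS):
        return "tiff"
    return None


def is_risky_part(part) -> bool:
    """A leaf part is risky if it is declared as PNG/TIFF or sniffs as one."""
    if part.is_multipart():
        return False
    payload = part.get_payload(decode=True) or b""
    return part.get_content_type() in RISKY_TYPES or sniff_image(payload) is not None


def strip_risky_images(raw: bytes) -> tuple:
    """Return (rewritten message bytes, list of descriptions of removed parts)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if not is_risky_part(part):
            continue
        removed.append(f"{part.get_content_type()} {part.get_filename() or '(inline)'}")
        # set_content() clears the existing Content-* headers and payload, so the
        # original Content-Type, filename and Content-ID do not survive.
        part.set_content(PLACEHOLDER)
    return msg.as_bytes(), removed


def count_risky_parts(raw: bytes) -> int:
    """How many leaf parts in a raw message would be stripped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return sum(1 for p in msg.walk() if is_risky_part(p))


def build_sample_message() -> bytes:
    """Constructed sample: text body, an inline PNG, a TIFF disguised as a
    generic binary attachment, and a PDF that must survive filtering."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See the attached files.")
    # Inline PNG: declared correctly and referenced by Content-ID.
    msg.add_attachment(PNG_MAGIC + b"\x00" * 16, maintype="image", subtype="png",
                       filename="chart.png", disposition="inline",
                       cid="<chart@corp.example>")
    # TIFF with a misleading MIME type: only the magic bytes give it away.
    msg.add_attachment(b"II*\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="scan.bin")
    # Unrelated attachment that the filter must leave alone.
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="notes.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    before = build_sample_message()
    after, removed = strip_risky_images(before)
    print(f"risky parts before: {count_risky_parts(before)}, after: {count_risky_parts(after)}")
    for entry in removed:
        print("removed:", entry)
```

Run as a script it prints two removed parts (the declared PNG and the disguised TIFF) and leaves the PDF intact. In a real deployment the filter would sit in the gateway's content-inspection hook, and the stripped parts should be logged rather than silently discarded so that incident responders can later pull samples for analysis.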

The affected versions are:

BlackBerry Enterprise Server 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
BlackBerry Enterprise Server 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
BlackBerry Enterprise Server 4.1.7, and 5.0.1 through 5.0.1 MR3, for Novell GroupWise
BlackBerry Enterprise Server Express 5.0.1 through 5.0.3 for Microsoft Exchange
BlackBerry Enterprise Server Express 5.0.2 and 5.0.3 for IBM Lotus Domino