NPC Seal
We use cookies to ensure you get the best browsing experience. By continued use, you agree to our privacy policy and accept our use of such cookies. For further information, click FIND OUT MORE.
I AGREE FIND OUT MORE
x
advertisement
Filtered by: Scitech
SciTech

BlackBerry warns vs hackable vulnerabilities


Smartphone maker BlackBerry has warned users against possible vulnerabilities in its Enterprise Server where certain image files may allow hackers to attack their devices. In a security advisory, BlackBerry said the vulnerabilities lie in the way the BlackBerry Enterprise Server components process images. “Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages... These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity)," it said (http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244). Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server, it said. “Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network," it said. Affected by the vulnerability are:

    BlackBerry® Enterprise Server Express for IBM® Lotus® Domino® BlackBerry® Enterprise Server Express for Microsoft® Exchange BlackBerry® Enterprise Server for IBM® Lotus® Domino® BlackBerry® Enterprise Server for Microsoft® Exchange BlackBerry® Enterprise Server for Novell® GroupWise®
But Blackberry said an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page, to exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images. The attacker could provide the link to the user in an email or instant message. Also, it said an attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry smartphone user. “The user does not need to click a link or an image, or view the email message, for the attack to succeed in this scenario," it said. — TJD, GMA News
Tags: blackberry, hackers, hacking, hacked, vulnerabilities
News
Voter's Education
Candidates
Find out your candidates' profile
Debates
Find the latest news
Stand on Issues
Find out individual candidate platforms
MyKodigo
Choose your candidates and print out your selection.
Voter's Profile
Voter Demographics
Most Popular