BlackBerry has issued a “high severity” warning to users of BlackBerry Enterprise Server (BES), cautioning that security vulnerabilities found within the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent could leave users susceptible to malware attacks.
BlackBerry says that the problem lies in the processing and rendering of TIFF images on BlackBerry smartphones.
In the BlackBerry MDS Connection Service, attackers can exploit a flaw in the TIFF image rendering process and gain unauthorized access to code on BES by creating a malicious webpage and convincing users to click through to it.
In the BlackBerry Messaging Agent, users are told to look out for suspicious emails or instant messages that could contain embedded, “specially crafted,” malicious TIFF images.
It is not all bad news for BlackBerry and the enterprise, though. The company says that it has issued an update to BES, version 5.0.4 MR2, that resolves these vulnerabilities. A temporary security update has also been released that is said to fix the flaws without making any other changes within v5.0.4. BlackBerry requests that users download one of these updates to keep themselves secure.