If you associate BlackBerry with top-notch security, time to think again. The company has released news which warns of a vulnerability that could expose enterprise servers to massive malware attacks.
Listed as “high severity”, the flaw could allow attackers to leverage a loophole in the way TIFF image files are rendered to take down servers. From the release:
Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.
Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.
Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.
A potential attack could, presumably, load a TIFF file with malware and trick users into loading it, through whatever means, quite easily. There are no reports of attacks yet — but an update is highly recommended. [BlackBerry via Naked Security via Engadget]