1. Accidental Post's Avatar
    RIM Warns of BlackBerry Code Execution Security Flaws
    By Ryan Naraine | August 10, 2011, 12:49pm PDT

    Summary: Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone.

    Research in Motion (RIM) has issued an advisory to warn of the risk of remote code execution attacks on the BlackBerry Enterprise Server.

    The company shipped a patch that covers a total of five documented vulnerabilities that could be exploited via PNG or TIFF images.

    From the RIM advisory:
    Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

    To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

    To exploit these vulnerabilities in how the BlackBerry Messaging Agent processes PNG and TIFF images, an attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry smartphone user. The user does not need to click a link or an image, or view the email message, for the attack to succeed in this scenario.

    Affected software includes:

    BlackBerry Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
    BlackBerry Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
    BlackBerry Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
    BlackBerry Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
    BlackBerry Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino

    RIM said the BlackBerry smartphones and the BlackBerry Device Software are not affected by these vulnerabilities.

    RIM warns of BlackBerry code execution security flaws | ZDNet

    Now go and tell me how secure the BB is.........

    And the kicker is no app needed.........................
    Last edited by Accidental Post; 08-12-11 at 08:46 AM.
    08-12-11 07:39 AM
  2. kbz1960's Avatar
    Are you warning Apple users since it's posted in the Apple section? Or are you saying nana nana bobo?

    OK I've been warned and will heed said warning.
    01itr likes this.
    08-12-11 08:58 AM
  3. Accidental Post's Avatar
    Just stating facts all of the BB users want to run into this forum and say oooh a 10 year old girl can trick a game and call it an exploit.....A JB expert finds a flaw so we CAN JailBreak and BB users jump in and say there you go iOS is not as secure as my beloved BB. So it was just a statement of FACT if it is exploitable it will be NOTHING is 100% secure as all of you BB lovers think........and what is so damn IRONIC is that there is no mention of the Security issue on the main page here just like every other so called "news" outlet reporting what helps their own cause, if Kevin wanted to be fair he may mention to people that hey guys the BES side of BB has an issue and you need to apply the patches. But as usual it will get buried.......
    08-12-11 09:03 AM
  4. grover5's Avatar
    It seems like you're just looking for an argument. There is already a lengthy thread on this by the way.
    08-12-11 09:06 AM
  5. HerpADerp's Avatar
    Patched a month ago in MR3, maybe the people on Novell need to care but they need to move to a real mail system anyhow. Good try though.

    Edit: lol u mad
    01itr likes this.
    08-12-11 09:06 AM
  6. kbz1960's Avatar
    I hear ya and agree to a point. If good hackers want to find their way into something they will.
    08-12-11 09:07 AM
  7. Shao128's Avatar
    It seems like you're just looking for an argument. There is already a lengthy thread on this by the way.

    This.
    Closed.
    08-12-11 09:14 AM