BlackBerry warns of TIFF vulnerability that could allow malware to run on enterprise servers

Graham Cluley

If you are responsible for administering the BlackBerry phones used by staff at your company, there’s some important security news.

According to a BlackBerry security advisory published last week, vulnerabilities exist that could allow remote hackers to run malicious code on the BlackBerry Enterprise Server (BES) software run by many firms.

The flaw, which has been rated as “high severity”, involves how BlackBerry’s enterprise software handles TIFF image files on webpages, in emails, and in instant messages.

According to BlackBerry’s advisory:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.

Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.

Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

In short, a malicious hacker could create a booby-trapped TIFF image file and either trick a BlackBerry smartphone user into visiting a webpage carrying the image, or embed the malicious image directly into an email or instant message.

According to BlackBerry, the BlackBerry Messaging Agent flaw does not even require a user to click on a link or view an email for the attack to succeed.

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.


Depending on how your network infrastructure is set up, intruders might be able to see into other parts of your network and steal information.

Alternatively, the hackers’ code might cause your systems to crash, perhaps interrupting communications.

It’s important to underline that these are not vulnerabilities in BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we’ve seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

As more and more companies are waking up to the risk of targeted attacks with the apparent intention of stealing data and spying on activities, such a vulnerability is clearly a serious concern.

The good news is that BlackBerry has not received any reports of attacks targeting its enterprise customers, but it is obviously still a very good idea for affected customers to update their software as soon as possible. The company has published workarounds for those businesses that may not be able to quickly update their installation of BlackBerry Enterprise Server.
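As an added illustration (not code from BlackBerry, its advisory, or this article), the following Python sketch shows the kind of gateway-side check an administrator who cannot patch immediately might place in front of BES: it identifies TIFF content by its magic bytes rather than by file extension, sanity-checks the first image file directory, and flags attachments that are disguised or structurally malformed. The quarantine policy, filenames and sample bytes are assumptions constructed for the example.

```python
import struct
from dataclasses import dataclass

# TIFF magic: byte-order mark plus the number 42; maps to a struct endianness prefix.
TIFF_MAGIC = {b"II*\x00": "<", b"MM\x00*": ">"}
# Byte size of each TIFF field type (1=BYTE ... 12=DOUBLE).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

@dataclass
class TiffVerdict:
    is_tiff: bool      # True when the content carries a TIFF header, whatever its name
    reason: str        # human-readable explanation for the gateway log
    ifd_entries: int = 0

def inspect_tiff(data: bytes) -> TiffVerdict:
    """Identify TIFF content by magic bytes and sanity-check the first IFD."""
    if len(data) < 8 or data[:4] not in TIFF_MAGIC:
        return TiffVerdict(False, "not a TIFF header")
    endian = TIFF_MAGIC[data[:4]]
    (ifd_offset,) = struct.unpack(endian + "I", data[4:8])
    if ifd_offset < 8 or ifd_offset + 2 > len(data):
        return TiffVerdict(True, f"first IFD offset {ifd_offset} lies outside the file")
    (count,) = struct.unpack(endian + "H", data[ifd_offset:ifd_offset + 2])
    if count == 0 or ifd_offset + 2 + count * 12 + 4 > len(data):
        return TiffVerdict(True, f"IFD claims {count} entries, more than the file holds")
    for i in range(count):
        off = ifd_offset + 2 + i * 12
        tag, ftype, n = struct.unpack(endian + "HHI", data[off:off + 8])
        size = TYPE_SIZES.get(ftype)
        if size is None:
            return TiffVerdict(True, f"tag {tag}: unknown field type {ftype}")
        if size * n > 4:  # value does not fit inline, so the field holds an offset
            (value_off,) = struct.unpack(endian + "I", data[off + 8:off + 12])
            if value_off + size * n > len(data):
                return TiffVerdict(True, f"tag {tag}: value offset lies outside the file")
    return TiffVerdict(True, "structurally sane", count)

def should_quarantine(filename: str, data: bytes) -> bool:
    """Assumed gateway policy: hold TIFFs that are malformed or hide behind another extension."""
    verdict = inspect_tiff(data)
    if not verdict.is_tiff:
        return False
    if verdict.reason != "structurally sane":
        return True
    return not filename.lower().endswith((".tif", ".tiff"))

# Constructed samples: a minimal valid TIFF (one ImageWidth entry) and one whose IFD offset points past EOF.
GOOD_TIFF = (b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 1)
             + struct.pack("<HHIHH", 256, 3, 1, 1, 0) + struct.pack("<I", 0))
BAD_OFFSET_TIFF = b"II*\x00" + struct.pack("<I", 0xFFFFFFF0) + b"\x00" * 8
```

A structurally sane TIFF is not a safe TIFF; sites applying the advisory's workaround can tighten the policy to hold every TIFF until the server is patched.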

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
