BlackBerry issued fixes this week for critical vulnerabilities in its BlackBerry Enterprise Server (BES) that could result in escalation of privileges and arbitrary code execution.
The security issues are related to how some components in BES process TIFF images before they are displayed on BlackBerry devices. Depending on the privileges granted to the BES service account, an attacker would be able to exploit the flaws to access other parts of the network and execute arbitrary code, the company said in the advisory.
Attackers would be able to exploit these vulnerabilities by creating a specially crafted web page and then persuading a BlackBerry smartphone user to click on a link in an email or instant message pointing to that web page, the company said. In another attack scenario, attackers could embed specially crafted TIFF images in an email or instant message and send it to the BlackBerry smartphone user. Since the vulnerability is within BES, the smartphone user does not even need to view the message, let alone click on that image, for the attack to succeed.
“Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or allow elevation of privileges,” the advisory said.
All of these vulnerabilities have the maximum Common Vulnerability Scoring System score of 10.0, which stands for “high severity.” However, the company said it is “not aware of any attacks on or specifically targeting BlackBerry Enterprise Server customers.”
The updates affect BlackBerry Enterprise Server Express versions 5.02 through 5.04 and BlackBerry Enterprise Server versions 5.02 through 5.04 for Microsoft Exchange and IBM Lotus Domino. BlackBerry Enterprise Server versions 5.0.1 and 5.0.4 for Novell GroupWise are also impacted, the company said. Other BlackBerry software, BES versions 5.0.4 and later, BlackBerry smartphones, and the BlackBerry Device Software are not affected.
The affected components in the vulnerable applications include the BlackBerry Mobile Data System-Connection Service, which processes images on websites loaded on the browser; BlackBerry Messaging Agent, which processes images in email messages; and BlackBerry Collaboration Service, which processes images in instant messages sent using BES and related products.
Administrators with impacted BlackBerry Enterprise Server systems should apply BlackBerry Enterprise Server version 5.0.4 MR2 and an interim security update to BlackBerry Enterprise Server Express version 5.0.4 to close the vulnerabilities. The update would replace the installed image.dll file with a newer version.