{"id":2436,"date":"2013-02-20T00:00:00","date_gmt":"2013-02-20T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/20\/blackberry-enterprise-server-vulnerable-to-malware-from-tiff-images-ubergizmo\/"},"modified":"2021-12-30T11:41:20","modified_gmt":"2021-12-30T11:41:20","slug":"blackberry-enterprise-server-vulnerable-to-malware-from-tiff-images-ubergizmo","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/20\/blackberry-enterprise-server-vulnerable-to-malware-from-tiff-images-ubergizmo\/","title":{"rendered":"Blackberry Enterprise Server Vulnerable To Malware From TIFF Images | Ubergizmo"},"content":{"rendered":"<p>Blackberry has announced that vulnerabilities in its Blackberry Enterprise Server could possibly allow malicious code in image files to be executed remotely. The flaw that has been rated as \u201chigh severity\u201d works in the following manner: A malicious person writes a special code and then embeds it in a TIFF image file. &#8230;  As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the advisory given by Blackberry \u201cVulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.   Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.   
Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.\u201d<\/p>\n<p>The good news for system administrators is that Blackberry has announced solutions within its advisory message and has also published a workaround. <\/p>\n<p>Link: http:\/\/www.ubergizmo.com\/2013\/02\/blackberry-exchange-server-vulnerable-to-malware-from-tiff-images\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2436","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2436"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2436\/revisions"}],"predecessor-version":[{"id":4923,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2436\/revisions\/4923"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2436"},{"taxo
nomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}