RealTime IT News

RIM's Image Problem

Research In Motion (RIM) is warning that vulnerabilities in its BlackBerry Enterprise Server software may allow for malicious attacks.

The server software vulnerability allows an attacker to use a corrupt .tif image file to cause a heap overflow error that can prevent a user from viewing attachments, RIM said in a posting on its customer support Web site.

RIM said there is no impact on any other services, such as sending and receiving messages, making phone calls, browsing the Internet and running BlackBerry wireless device applications to access a corporate network.

A second error exists in the handling of Server Routing Protocol (SRP) packets and can be exploited to disrupt communication between BlackBerry Enterprise Server and BlackBerry Router, potentially causing a denial of service (DoS), according to Secunia.

The security outfit rated the flaw as "moderately critical."

In a posting on its support site, RIM said it was aware of the vulnerability and will fix the problem in future releases of BlackBerry Enterprise Server. The company suggests administrators use a workaround that blocks .tif attachments or disable attachments on BlackBerry devices.
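
The attachment-blocking workaround, sketched as an added example (not RIM's procedure or code): a mail-filtering check that flags TIFF attachments by file name, declared MIME type and file signature. It assumes a filtering step that can inspect messages before the server processes attachments; the function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage

TIFF_MAGIC = (b"II*\x00", b"MM\x00*")   # little- and big-endian TIFF headers
TIFF_EXTS = (".tif", ".tiff")
TIFF_TYPES = ("image/tiff",)

def tiff_reasons(part):
    """Return the reasons a MIME part looks like a TIFF (empty list if none)."""
    reasons = []
    name = (part.get_filename() or "").lower()
    if name.endswith(TIFF_EXTS):
        reasons.append("extension")
    if part.get_content_type() in TIFF_TYPES:
        reasons.append("mime-type")
    payload = part.get_payload(decode=True) or b""
    if payload[:4] in TIFF_MAGIC:
        reasons.append("signature")
    return reasons

def scan(msg):
    """Map attachment file name -> reasons, for every attachment flagged as TIFF."""
    flagged = {}
    for part in msg.iter_attachments():
        reasons = tiff_reasons(part)
        if reasons:
            flagged[part.get_filename()] = reasons
    return flagged

def sample_message():
    """Constructed message; attachment bytes are placeholders, not real images."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    msg.add_attachment(b"II*\x00" + b"\x00" * 8, maintype="image",
                       subtype="tiff", filename="scan.tif")
    msg.add_attachment(b"MM\x00*" + b"\x00" * 8, maintype="application",
                       subtype="octet-stream", filename="fax.dat")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg

if __name__ == "__main__":
    for name, reasons in scan(sample_message()).items():
        print(f"block {name}: {', '.join(reasons)}")
```

Checking the signature as well as the name means the block decision does not depend only on how the sender labelled the file.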