12 Aug 2011
RIM has warned of several high severity vulnerabilities in its enterprise software which could allow attackers to gain access to and execute code on the BlackBerry Enterprise Server.
The company revealed in a security advisory that the flaws relate to the way the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the firm's smartphones.
To exploit the vulnerability, an attacker would have to entice a user to visit a specially crafted web page or embed specially crafted PNG and TIFF images in an email. The vulnerability has been given a Common Vulnerability Scoring System rating of 10.0, meaning high severity.
RIM urged all users to install the relevant security update on any computer which hosts a BlackBerry MDS Connection Service or BlackBerry Messaging Agent instance.
"These updates replace the installed image.dll file that the affected components use with an image.dll file that is not affected by the vulnerabilities," the firm said.
Sophos senior technology consultant Graham Cluley warned that, by exploiting the flaws, hackers may be able to plant malicious code on a user's BlackBerry Enterprise Server which "opens up a back door for remote access".
"Depending on how your network infrastructure is set up, intruders might be able to see into other parts of your network and steal information," he added.
"Alternatively, the hackers' code might cause your systems to crash, perhaps interrupting communications."
The news comes just one day after security researchers at NGS Secure found potential security problems with RIM's PlayBook tablet.