back to article BlackBerry squashes W-TIFF-F bug that's ripe for malware squirters

BlackBerry has patched a security vulnerability that allowed hackers to execute malicious code on systems running its BlackBerry Enterprise Server (BES) software. The bug, rated as "high severity", is triggered by specially crafted TIFF image files that travel into BES as users visit webpages, receive emails and exchange …

COMMENTS

This topic is closed for new posts.
  1. Christian Berger Silver badge

    Not the first time

    A few years back, a bug in a popular image processing library was found. Some months later Blackberry, which apparently used that library, admitted to having a security hole.

    1. TeeCee Gold badge
      Coat

      Re: Not the first time

      Complete the following phrase:

      Blackberry is to TIFF as Apple is to ****.

  2. Gordon Fecyk
    Thumb Down

    I guess the JPEG GDI+ exploit was so last decade...

    This is a bit of a twist on normal exploitation simply because the malicious code is actually inside of an image, something that hasn’t really been done before.

    Set the WABAC machine for 2004, Fred: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution.

    We really do have short memories in this industry.

    1. Captain Scarlet Silver badge
      Pint

      Re: I guess the JPEG GDI+ exploit was so last decade...

      I was about to mention the same thing, whats next there being shock and awe when someone finds people are using Word Documents to distribute malicious code with VBA :O

  3. g dot assasin
    FAIL

    It's surprising how many besadmin accounts I've seen that had domain admin rather than the local admin permissions it actually needs!

    1. Christian Berger Silver badge

      Wait? It needs admin permissions? What for?

      It only needs to act as a proxy between the mail server and the mobile device what on earth could it need admin permissions?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020