BlackBerry has warned its enterprise users that it has found a serious problem with BlackBerry Enterprise Server, and a patch needs to be applied immediately.
The vulnerability is in BES components that process images. If a BlackBerry device gets a TIFF image file in an email — just receives it, it doesn’t need to be opened on the device — then it’s possible that a hacker could remotely gain access to and execute code on the BES server. The TIFF image could also be embedded on a webpage.
To remove this vulnerability, it is necessary to install either the newly-released BlackBerry Enterprise Server version 5.0.4 MR2, or the interim security update to BlackBerry Enterprise Server Express version 5.0.4.
For more information on this security issue, or how to get an install the patch, visit the BlackBerry Knowledge Base.