Originally Posted by jibi
Seriously though, I think this is being slightly overblown. When the application is released, I'm going to test it out myself. We have MDS disabled for our production servers, so I'm sure that helps out a lot. As for the MAPI attack, the RIM KB article states the attacker must gain access to the internal network (through a PC) and know the victim's PIN number. If an attacker gets that far, then I'd personally think there were bigger issues to deal with.
This is not overblown, because the default IT Policy is to allow end users to install any application. I could have written this hack a year ago.
Edit: Well, certain apps have to be signed first. But even then, a signing key is $100.