BerryLink
专注黑莓,为你而在

Priv by BlackBerry第一次系统升级内容公布!Android的安全呐!

黑莓官网商店购买Priv的机油想必已经收到第一次系统升级,美国东部时间12月7日开始其他版本Priv也将陆续收到系统升级,那Priv的第一次系统升级内容包括那些呢?

黑莓官方在其官方公告上公开了13处升级内容,包括:

Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver(在媒体服务器上存在远程执行代码漏洞) During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
CVE-2015-6616
Remote Code Execution Vulnerability in Skia(在Skia上存在远程执行代码漏洞) A vulnerability in the Skia component may be leveraged when processing a specially crafted media file that could lead to memory corruption and remote code execution in a privileged process. CVE-2015-6617
Remote Code Execution Vulnerability in Bluetooth(在蓝牙上存在远程执行代码漏洞) A vulnerability in Android’s Bluetooth component could allow remote code execution from a successfully paired device, after the personal area network (PAN) profile is enabled (for example using Bluetooth Tethering) and the device is paired. The remote code execution would be at the privilege of the Bluetooth service. A device is only vulnerable to this issue from a successfully paired device while in local proximity. CVE-2015-6618
Elevation of Privilege Vulnerabilities in libstagefright(在libstagefright方面存在特权权限提升的漏洞) Multiple vulnerabilities in libstagefright can enable a local malicious application to execute arbitrary code within the context of the mediaserver service. CVE-2015-6620
Elevation of Privilege Vulnerability in SystemUI(在系统UI上存在提升特权的漏洞) When setting an alarm using the clock application, a vulnerability in the SystemUI component can allow an application to execute a task at an elevated privilege level. CVE-2015-6621
Information Disclosure Vulnerability in Native Frameworks Library(在原生框架库存在信息泄漏的漏洞) An information disclosure vulnerability in Android Native Frameworks Library can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2015-6622
Information Disclosure Vulnerabilities in libstagefright(在libstagefright上存在信息泄漏的漏洞) Information disclosure vulnerabilities in libstagefright, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2015-6626,
CVE-2015-6631,
CVE-2015-6632
Information Disclosure Vulnerability in Audio(在声音方面存在信息泄漏的漏洞) A vulnerability in the Audio component can be exploited during audio file processing. This vulnerability could allow a local malicious application, during processing of a specially crafted file, to cause information disclosure. CVE-2015-6627
Information Disclosure Vulnerability in Media Framework(在媒体框架上存在信息泄漏的漏洞) An information disclosure vulnerability in Media Framework, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2015-6628
Information Disclosure Vulnerability in Wi-Fi(在Wi-Fi上存在信息泄漏的漏洞) A vulnerability in the Wi-Fi component could allow an attacker to cause the Wi-Fi service to disclose information. CVE-2015-6629
Information Disclosure Vulnerability in SystemUI(在系统UI上存在信息泄漏的漏洞) An information disclosure vulnerability in the SystemUI can enable a local malicious application to gain access to screenshots. CVE-2015-6630

 

一叶轻舟到天崖

#IChooseBlackBerry 10#Coz it is not only a phone,but also a life way!

Latest posts by 一叶轻舟到天崖 (see all)

赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » Priv by BlackBerry第一次系统升级内容公布!Android的安全呐!
分享到: 更多 (0)

评论 5

评论前必须登录!

 

  1. #1

    为啥港版的到现在也没有收到更新啊!!伤心。。。。

    雪蝎19273年前 (2015-12-10)
    • 说明销量大..推送需要时间

      cncpp3年前 (2015-12-10)
      • 好吧,希望快快有吧。。。

        雪蝎19273年前 (2015-12-10)

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员