BerryLink
分享 热爱 坚持

黑莓官方发布Android系统黑莓手机系统更新安全公告

在黑莓官方向Android系统黑莓手机(Priv)推送首个系统更新的同时,发布了有关这次官方系统更新的安全公告,公告建议Priv用户更新系统到最新的版本,以解决原有已发现的安全漏洞。

详细内容如下(原文)

PURPOSE OF THIS BULLETIN

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry® powered by Android™ smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.

VULNERABILITIES FIXED IN THIS UPDATE

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver   During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
  CVE-2015-6616
Remote Code Execution Vulnerability in Skia   A vulnerability in the Skia component may be leveraged when processing a specially crafted media file that could lead to memory corruption and remote code execution in a privileged process.   CVE-2015-6617
Remote Code Execution Vulnerability in Bluetooth   A vulnerability in Android’s Bluetooth component could allow remote code execution from a successfully paired device, after the personal area network (PAN) profile is enabled (for example using Bluetooth Tethering) and the device is paired. The remote code execution would be at the privilege of the Bluetooth service. A device is only vulnerable to this issue from a successfully paired device while in local proximity.   CVE-2015-6618
Elevation of Privilege Vulnerabilities in libstagefright   Multiple vulnerabilities in libstagefright can enable a local malicious application to execute arbitrary code within the context of the mediaserver service.   CVE-2015-6620
Elevation of Privilege Vulnerability in SystemUI   When setting an alarm using the clock application, a vulnerability in the SystemUI component can allow an application to execute a task at an elevated privilege level.   CVE-2015-6621
Information Disclosure Vulnerability in Native Frameworks Library   An information disclosure vulnerability in Android Native Frameworks Library can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.   CVE-2015-6622
Information Disclosure Vulnerabilities in libstagefright   Information disclosure vulnerabilities in libstagefright, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.   CVE-2015-6626,
CVE-2015-6631,
CVE-2015-6632
Information Disclosure Vulnerability in Audio   A vulnerability in the Audio component can be exploited during audio file processing. This vulnerability could allow a local malicious application, during processing of a specially crafted file, to cause information disclosure.   CVE-2015-6627
Information Disclosure Vulnerability in Media Framework   An information disclosure vulnerability in Media Framework, during communication with mediaserver, can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.   CVE-2015-6628
Information Disclosure Vulnerability in Wi-Fi   A vulnerability in the Wi-Fi component could allow an attacker to cause the Wi-Fi service to disclose information.   CVE-2015-6629
Information Disclosure Vulnerability in SystemUI   An information disclosure vulnerability in the SystemUI can enable a local malicious application to gain access to screenshots.
赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓官方发布Android系统黑莓手机系统更新安全公告
分享到: 更多 (0)

评论 抢沙发

评论前必须登录!

 

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员