BerryLink: Sharing, Passion, Persistence
To the beautiful things that have passed or are about to pass

BlackBerry Releases the April Security Patch Update for the Priv (Security Bulletin Attached)

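According to reports from overseas users, BlackBerry pushed the latest April security patch update to the Priv on April 2 (US Eastern Time). The build number is the same as the earlier March one, AAE298. This patch is 20.9M in size and updates 52 apps. It is probably the March security update; the discrepancy appears to be caused by differences in when each carrier pushes the update.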


Check for system updates: Settings > About > System updates

BlackBerry PRIV Android System Update Security Bulletin – April 2016

PURPOSE OF THIS BULLETIN

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.

BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Nexus Security Bulletin (April 2016) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.

VULNERABILITIES FIXED IN THIS UPDATE

The following vulnerabilities have been remediated in this update:

| Summary | Description | CVE |
| --- | --- | --- |
| Remote Code Execution Vulnerability in DHCPD | A vulnerability in the Dynamic Host Configuration Protocol service could enable an attacker to cause memory corruption, which could lead to remote code execution. | CVE-2016-1503 |
| Remote Code Execution Vulnerabilities in Mediaserver | During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. | CVE-2016-0837, CVE-2016-0838, CVE-2016-0841 |
| Elevation of Privilege Vulnerability in Qualcomm RF component | A vulnerability in the Qualcomm RF driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-0844 |
| Elevation of Privilege Vulnerability in IMemory Native Interface | An elevation of privilege vulnerability in the IMemory Native Interface could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-0846 |
| Elevation of Privilege Vulnerability in Telecom Component | An elevation of privilege vulnerability in the Telecom Component could enable an attacker to spoof calls to appear from any arbitrary number. | CVE-2016-0847 |
| Elevation of Privilege Vulnerability in Download Manager | An elevation of privilege vulnerability in the Download Manager could enable an attacker to gain access to unauthorized files in private storage. | CVE-2016-0848 |
| Elevation of Privilege Vulnerability in Recovery Procedure | An elevation of privilege vulnerability in the Recovery Procedure could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-0849 |
| Elevation of Privilege Vulnerability in Bluetooth | An elevation of privilege vulnerability in Bluetooth could enable an untrusted device to pair with the phone during the initial pairing process. This could lead to unauthorized access of the device resources, such as the Internet Connection. | CVE-2016-0850 |
| Elevation of Privilege Vulnerability in a Qualcomm Video Kernel Driver | An elevation of privilege vulnerability in a Qualcomm video kernel driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2410 |
| Elevation of Privilege Vulnerability in Qualcomm Power Management component | An elevation of privilege vulnerability in a Qualcomm Power Management kernel driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2411 |
| Elevation of Privilege Vulnerability in System_server | An elevation of privilege vulnerability in System_server could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-2412 |
| Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-2413 |
| Denial of Service Vulnerability in Minikin | A denial of service vulnerability in the Minikin library could allow a local attacker to temporarily block access to an affected device. An attacker could cause an untrusted font to be loaded and cause an overflow in the Minikin component which leads to a crash. | CVE-2016-2414 |
| Information Disclosure Vulnerability in Exchange ActiveSync | An information disclosure vulnerability in Exchange ActiveSync could enable a local malicious application to gain access to user’s private information. | CVE-2016-2415 |
| Information Disclosure Vulnerabilities in Mediaserver | Information disclosure vulnerabilities in mediaserver could permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. | CVE-2016-2416, CVE-2016-2417 |
| Elevation of Privilege Vulnerability in Setup Wizard | A vulnerability in the Setup Wizard could allow a malicious attacker to bypass the Factory Reset Protection and gain access to the device. | CVE-2016-2421 |
| Elevation of Privilege Vulnerability in Wi-Fi | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-2422 |
| Elevation of Privilege Vulnerability in Telephony | A vulnerability in Telephony could allow a malicious attacker to bypass the Factory Reset Protection and gain access to the device. | CVE-2016-2423 |
| Denial of Service Vulnerability in SyncStorageEngine | A denial of service vulnerability in the SyncStorageEngine could enable a local malicious application to cause a reboot loop. | CVE-2016-2424 |
| Information Disclosure Vulnerability in Framework | An information disclosure vulnerability in the Framework component could allow an application to access sensitive information. | CVE-2016-2426 |
| Information Disclosure Vulnerability in BouncyCastle | An information disclosure vulnerability in BouncyCastle could allow an authentication key to be leaked. | CVE-2016-2427 |
| Elevation of Privilege Vulnerability in the Kernel | An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-1805 |

AVAILABLE UPDATES

An updated software version is available immediately for BlackBerry Powered by Android smartphones that have been purchased from ShopBlackBerry.com. The updated software version can be identified with the following build ID:

  • Build AAE298

If your BlackBerry Powered by Android smartphone was purchased from a source other than ShopBlackBerry.com, please contact that retailer or carrier directly for security maintenance release availability information.

一叶轻舟到天崖


Comments: 1


  1. #1

    The Hong Kong version has already received the push…

    cncpp, 3 years ago (2016-04-06)
