BerryLink
Focused on BlackBerry, here for you

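BlackBerry Releases Security Bulletin for Android-Powered BlackBerry Phones - August 2016

BlackBerry has officially released its August 2016 security bulletin for Android-powered BlackBerry phones. The update's build number is AAF960, and the update file is 186.1 MB.

Both the BlackBerry PRIV and the DTEK50 will receive this update.

This update (AAF960) fixes the following vulnerabilities: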

| Summary | Description | CVE |
| --- | --- | --- |
| Remote Code Execution Vulnerabilities in Mediaserver | Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. | CVE-2016-3819, CVE-2016-3820, CVE-2016-3821 |
| Remote Code Execution Vulnerability in libjhead | A remote code execution vulnerability in libjhead could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. | CVE-2016-3822 |
| Elevation of Privilege Vulnerabilities in Mediaserver | Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826 |
| Denial of Service Vulnerabilities in Mediaserver | Denial of service vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause a device hang or reboot. | CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830 |
| Denial of Service Vulnerability in System Clock | A denial of service vulnerability in the system clock could enable a remote attacker to crash the device. | CVE-2016-3831 |
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2016-3832 |
| Elevation of Privilege Vulnerability in Shell | An elevation of privilege in the Shell could enable a local malicious application to bypass device constraints such as user restrictions. | CVE-2016-3833 |
| Information Disclosure Vulnerability in Camera APIs | An information disclosure vulnerability in the camera APIs could allow a local malicious application to access data outside of its permission levels. | CVE-2016-3834 |
| Information Disclosure Vulnerability in Mediaserver | An information disclosure vulnerability in mediaserver could allow a local malicious application to access data outside of its permission levels. | CVE-2016-3835 |
| Information Disclosure Vulnerability in SurfaceFlinger | An information disclosure vulnerability in the SurfaceFlinger service could enable a local malicious application to access data outside of its permission levels. | CVE-2016-3836 |
| Information Disclosure Vulnerability in Wi-Fi | An information disclosure vulnerability in Wi-Fi could allow a local malicious application to access data outside of its permission levels. | CVE-2016-3837 |
| Denial of Service Vulnerability in System UI | A denial of service vulnerability in the system UI could enable a local malicious application to prevent 911 calls from a locked screen. | CVE-2016-3838 |
| Denial of Service Vulnerability in Bluetooth | A denial of service vulnerability in Bluetooth could enable a local malicious application to prevent 911 calls from a Bluetooth device. | CVE-2016-3839 |
| Remote Code Execution Vulnerability in Conscrypt | A remote code execution vulnerability in Conscrypt could enable a remote attacker to execute arbitrary code within the context of a privileged process. | CVE-2016-3840 |
| Elevation of Privilege Vulnerabilities in Kernel Networking Component | Elevation of privilege vulnerabilities in the kernel networking component could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-2686, CVE-2016-3841 |
| Elevation of Privilege Vulnerabilities in Qualcomm GPU driver | Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2504, CVE-2016-3842 |
| Elevation of Privilege Vulnerabilities in Qualcomm Performance Component | Elevation of privilege vulnerabilities in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3843 |
| Elevation of Privilege Vulnerability in Kernel | An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3857 |
| Elevation of Privilege Vulnerabilities in Kernel Sound Component | Elevation of privilege vulnerabilities in the kernel sound component could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2544, CVE-2014-9904 |
| Elevation of Privilege Vulnerability in ION Driver | An elevation of privilege vulnerability in the ION driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3849 |
| Elevation of Privilege Vulnerability in Qualcomm Bootloader | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3850 |
| Elevation of Privilege Vulnerability in Kernel Performance Subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3843 |
| Information Disclosure Vulnerability in Kernel Scheduler | An information disclosure vulnerability in the kernel scheduler could enable a local malicious application to access data outside of its permission levels. | CVE-2014-9903 |
| Information Disclosure Vulnerability in USB driver | An information disclosure vulnerability in the USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-4482 |
| Elevation of Privilege Vulnerability in Google Play Services | An elevation of privilege vulnerability in Google Play services could allow a local attacker to bypass the Factory Reset Protection and gain access to the device. | CVE-2016-3853 |
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the framework APIs could enable a pre-installed application to increase its intent filter priority when the application is being updated without the user being notified. | CVE-2016-2497 |
| Information Disclosure Vulnerability in Kernel Networking Component | An information disclosure vulnerability in the kernel networking component could enable a local malicious application to access data outside of its permission levels. | CVE-2016-4578 |
| Information Disclosure Vulnerabilities in Kernel Sound Component | Information disclosure vulnerabilities in the kernel sound component could enable a local malicious application to access data outside of its permission levels. | CVE-2016-4569, CVE-2016-4578 |
| Vulnerability in Qualcomm Components | A vulnerability in the thermal driver can result in a local malicious application being able to corrupt memory, possibly resulting in a temporary denial of service. | |

berrylink
Site editor at BerryLink
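Please follow the content-sharing terms and retain the original author and link: BlackBerry Phone Enthusiasts » BlackBerry Releases Security Bulletin for Android-Powered BlackBerry Phones - August 2016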

Comments (3)


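  1. #1

    What about the BB10 update? Isn't it coming yet?

    723327055, 3 years ago (2016-08-02)
    • Soon. There should be official news in about two weeks.

      rain, 3 years ago (2016-08-03)
      • I hope they won't stand us up. The waiting is nerve-racking.

        莓文化, 3 years ago (2016-08-03)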
