BerryLink 分享 热爱 坚持
致那些已经逝去或即将逝去的美好

黑莓发布搭载Android系统Blackberry手机安全公告-2016年9月

黑莓官方9月6日发布搭载Android系统Blackberry手机安全公告,此次更新可修复已知上个系统版本的BUG及安全漏洞,建议Blackberry Dtek50\Priv用户及时检查更新。Android Security

此次更新可修复下面的漏洞:

Summary/摘要 Description/说明 CVE/漏洞编号
Remote Code Execution Vulnerability  in LibUtils   A remote code execution vulnerability in LibUtils could enable an attacker using a specially crafted file to execute arbitrary code in the context of a privileged process.   CVE-2016-3861
Remote Code Execution Vulnerability  in Mediaserver   A remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.   CVE-2016-3862
Remote Code Execution Vulnerability  in MediaMuxer   A remote code execution vulnerability in MediaMuxer could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.   CVE-2016-3863
Elevation of Privilege Vulnerabilities in Mediaserver   Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.   CVE-2016-3870
CVE-2016-3871
CVE-2016-3872
Elevation of Privilege Vulnerability in Device Boot   An elevation of privilege during the boot sequence could enable a local malicious attacker to boot into safe mode even though it’s disabled.   CVE-2016-3875
Denial of Service Vulnerabilities in Mediaserver   Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.   CVE-2016-3899
CVE-2016-3878
CVE-2016-3879
CVE-2016-3880
CVE-2016-3881
Elevation of Privilege Vulnerability in Telephony   An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to send unauthorized premium SMS messages.   CVE-2016-3883
Elevation of Privilege Vulnerability in Notification Manager Service   An elevation of privilege vulnerability in the Notification Manager Service could enable a local malicious application to bypass operating system protections that isolate application data from other applications.   CVE-2016-3884
Elevation of Privilege Vulnerability in Debuggerd   An elevation of privilege vulnerability in the integrated Android debugger could enable a local malicious application to execute arbitrary code within the context of the Android debugger.   CVE-2016-3885
Elevation of Privilege Vulnerability in SMS   An elevation of privilege vulnerability in SMS could enable a local attacker to send premium SMS messages prior to the device being provisioned.   CVE-2016-3888
Elevation of Privilege Vulnerability in Settings   An elevation of privilege vulnerability in Settings could enable a local attacker to bypass the Factory Reset Protection and gain access to the device.   CVE-2016-3889
Elevation of Privilege Vulnerability in Java Debug Wire Protocol   An elevation of privilege vulnerability in the Java Debug Wire Protocol could enable a local malicious application to execute arbitrary code within the context of an elevated system application.   CVE-2016-3890
Information Disclosure Vulnerability in Mediaserver   An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels.   CVE-2016-3895
Information Disclosure Vulnerability in Wi-Fi   An information disclosure vulnerability in the Wi-Fi configuration could allow an application to access sensitive information.   CVE-2016-3897
Denial of Service Vulnerability in Telephony   A denial of service vulnerability in the Telephony component could enable a local malicious application to prevent 911 TTY calls from a locked screen.   CVE-2016-3898
Elevation of Privilege Vulnerability in Kernel Security Subsystem   An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-4470
Elevation of Privilege Vulnerability in Kernel Networking Subsystem   An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2013-7446
Elevation of Privilege Vulnerability in Kernel Netfilter Subsystem   An elevation of privilege vulnerability in the kernel netfilter subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3134
Elevation of Privilege Vulnerability in Kernel USB Driver   An elevation of privilege vulnerability in the kernel USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3951
Elevation of Privilege Vulnerability in Kernel ASN.1 Decoder   An elevation of privilege vulnerability in the kernel ASN.1 decoder could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-2053
Elevation of Privilege Vulnerability in Qualcomm Radio Interface layer   An elevation of privilege vulnerability in the Qualcomm radio interface layer could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3864
Elevation of Privilege Vulnerability in Qualcomm Subsystem Driver   An elevation of privilege vulnerability in the Qualcomm subsystem driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3858
Elevation of Privilege Vulnerability in Kernel Networking Driver   An elevation of privilege vulnerability in the kernel networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-4805
Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver   An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3865
Elevation of Privilege Vulnerability in Qualcomm Camera Driver   An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3859
Elevation of Privilege Vulnerability in Qualcomm Sound Driver   An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3866
Elevation of Privilege Vulnerability in Qualcomm IPA Driver   An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3867
Elevation of Privilege Vulnerability in Qualcomm Power Driver   An elevation of privilege vulnerability in the Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3868
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver   An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-3869
Elevation of Privilege Vulnerability in Kernel eCryptfs Filesystem   An elevation of privilege vulnerability in the kernel eCryptfs filesystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-1583
Denial of Service Vulnerability in Kernel ext4 file System   A denial of service vulnerability in the kernel ext4 file system could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device.   CVE-2015-8839
Information Disclosure Vulnerability in Qualcomm SPMI Driver   An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels.   CVE-2016-3892
Information Disclosure Vulnerability in Kernel Networking Subsystem   An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels.   CVE-2016-4998
Elevation of Privilege Vulnerability in Qualcomm Components   An elevation of privilege vulnerability in the Qualcomm sound driver could enable a malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-2469
赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓发布搭载Android系统Blackberry手机安全公告-2016年9月
分享到: 更多 (0)

评论 1

评论前必须登录!

 

  1. #1

    要是能给翻译翻译就好了

    纯洁的一周3年前 (2016-09-08)

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员