BerryLink
Focused on BlackBerry, here for you

BlackBerry Releases Security Bulletin for BlackBerry Phones Powered by Android - October 2016

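BlackBerry has officially released the October security bulletin for BlackBerry phones powered by Android (PRIV/DTEK). This update fixes known bugs and security vulnerabilities in the previous system version, in particular a series of Qualcomm security vulnerabilities. BlackBerry DTEK50/PRIV users are advised to check for the update promptly. The update file size is 157.7/159.1 MB (AAG873, AAG853).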

Android Security

This update fixes the following vulnerabilities:

| Summary | Description | CVE |
| --- | --- | --- |
| Elevation of Privilege Vulnerability in ServiceManager | An elevation of privilege in ServiceManager could enable a local malicious application to register arbitrary services that would normally be provided by a privileged process, such as the system_server. | CVE-2016-3900 |
| Elevation of Privilege Vulnerability in Lock Settings Service | An elevation of privilege vulnerability in Lock Settings Service could enable a local malicious application to clear the device PIN or password. | CVE-2016-3908 |
| Elevation of Privilege Vulnerabilities in Mediaserver | Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3909, CVE-2016-3910, CVE-2016-3913 |
| Elevation of Privilege Vulnerability in Zygote process | An elevation of privilege in the Zygote process could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3911 |
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3912 |
| Elevation of Privilege Vulnerability in Telephony | An elevation of privilege vulnerability in the telephony component could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3914 |
| Elevation of Privilege Vulnerabilities in Camera Service | Elevation of privilege vulnerabilities in the camera service could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3915, CVE-2016-3916 |
| Denial of Service Vulnerability in Wi-Fi | A denial of service vulnerability in Wi-Fi could enable a local proximate attacker to create a hotspot and cause a device reboot. | CVE-2016-3882 |
| Denial of Service Vulnerability in GPS | A denial of service vulnerability in the GPS component could enable a remote attacker to cause a device hang or reboot. | CVE-2016-5348 |
| Denial of Service Vulnerability in Mediaserver | A denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-3920 |
| Elevation of Privilege Vulnerability in Framework Listener | An elevation of privilege vulnerability in Framework Listener could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3921 |
| Elevation of Privilege Vulnerability in Telephony | An elevation of privilege vulnerability in Telephony could enable a local malicious application to execute arbitrary code in the context of a privileged process. | CVE-2016-3922 |
| Information Disclosure Vulnerability in Mediaserver | An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-3924 |
| Denial of Service Vulnerability in Wi-Fi | A denial of service vulnerability in the Wi-Fi service could enable a local malicious application to prevent Wi-Fi calling. | CVE-2016-3925 |
| Remote Code Execution Vulnerability in Qualcomm Radio | A remote code execution vulnerability in the Qualcomm radio could enable a remote attacker within radio range to execute arbitrary code within the context of the kernel. | CVE-2016-3926 |
| Remote Code Execution Vulnerability in Kernel ASN.1 Decoder | An elevation of privilege vulnerability in the kernel ASN.1 decoder could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-0758 |
| Elevation of Privilege Vulnerability in Qualcomm MPU Component | An elevation of privilege vulnerability in the Qualcomm MPU component could enable a local malicious application to execute arbitrary code within the context of the Trusted Execution Environment. | CVE-2016-3927 |
| Elevation of Privilege Vulnerability in Kernel Networking Subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-7117 |
| Elevation of Privilege Vulnerability in Qualcomm QSEE | An elevation of privilege vulnerability in the Qualcomm QSEE could enable a local malicious application to execute arbitrary code within the context of the Trusted Execution Environment. | CVE-2016-3929 |
| Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3931 |
| Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver | Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3903, CVE-2016-3934 |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8951 |
| Elevation of Privilege Vulnerabilities in Qualcomm Crypto Engine Driver | Elevation of privilege vulnerabilities in the Qualcomm cryptographic engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3901, CVE-2016-3935 |
| Elevation of Privilege Vulnerabilities in Qualcomm Video Driver | Elevation of privilege vulnerabilities in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3938, CVE-2016-3939 |
| Elevation of Privilege Vulnerabilities in Synaptics Touchscreen Driver | Elevation of privilege vulnerabilities in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3940, CVE-2016-6672 |
| Elevation of Privilege Vulnerability in system_server | An elevation of privilege vulnerability in system_server could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6674 |
| Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi driver | Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6675, CVE-2016-6676, CVE-2016-5342 |
| Elevation of Privilege Vulnerability in Kernel Performance Subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8955 |
| Information Disclosure Vulnerability in Kernel ION Subsystem | An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2015-8950 |
| Elevation of Privilege Vulnerability in Qualcomm Character Driver | An elevation of privilege vulnerability in the Qualcomm character driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-0572 |
| Information Disclosure Vulnerability in Qualcomm Sound Driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-3860 |
| Information Disclosure Vulnerabilities in Qualcomm Components | Information disclosure vulnerabilities in Qualcomm components, including the sound driver, IPA driver and Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6679, CVE-2016-3902, CVE-2016-6680, CVE-2016-6681, CVE-2016-6682 |
| Information Disclosure Vulnerabilities in Kernel Components | Information disclosure vulnerabilities in kernel components, including Binder, Sync, Bluetooth, and Sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6683, CVE-2016-6684, CVE-2015-8956 |
| Information Disclosure Vulnerability in Kernel | An information disclosure vulnerability in Binder could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6689 |
| Denial of Service Vulnerability in Kernel Networking Subsystem | A denial of service vulnerability in the kernel networking subsystem could enable an attacker to block access to TCP connections and cause a temporary remote denial of service. | CVE-2016-5696 |
| Denial of Service Vulnerability in Kernel Sound Driver | A denial of service vulnerability in the kernel could allow a local malicious application to cause a device reboot. | CVE-2016-6690 |
| Vulnerabilities in Qualcomm Components | Multiple vulnerabilities in Qualcomm components including audio drivers, display drivers, and WLAN drivers could allow a local malicious application to access data outside its permission levels. | CVE-2016-6691, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5343 |

berrylink

Site editor at BerryLink