分享 - 热爱 - 坚持
路漫漫其修远兮,吾将上下而求索

黑莓发布搭载Android系统BlackBerry手机安全公告-2017年2月

黑莓官方发布2017年2月份搭载Android系统BlackBerry手机(PRIV/DTEK)安全公告,此次更新主要修复高通官方已披露的漏洞以及部分已知Android系统漏洞。Android Security

更新机型包含已上市黑莓安卓系统机型手机BlackBerry PRIV/DTEK50/DTEK60. 官方从2月5日开始OTA推送。

此次更新可修复如下漏洞:

Summary/摘要 Description/说明 CVE/漏洞编号
Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0407
Remote Code Execution Vulnerability in libstagefright A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2017-0409
Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0410
Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0415
Elevation of Privilege Vulnerabilities in Audioserver Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0416
CVE-2017-0417
CVE-2017-0418
CVE-2017-0419
Information Disclosure Vulnerabilities in AOSP Messaging Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0413
CVE-2017-0414
Information Disclosure Vulnerability in Framework APIs An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0421
Denial of Service Vulnerability in Bionic DNS A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. CVE-2017-0422
Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. CVE-2017-0423
Information Disclosure Vulnerability in AOSP Messaging An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. CVE-2017-0424
Information Disclosure Vulnerability in Audioserver An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0425
Remote Code Execution Vulnerability in Qualcomm Crypto Driver A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-8418
Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0427
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0430
Vulnerability in Qualcomm Components A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations. CVE-2017-0431
Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8480
Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8481
CVE-2017-0435
CVE-2017-0436
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0437
CVE-2017-0438
CVE-2017-0439
CVE-2016-8419
CVE-2016-8420
CVE-2016-8421
CVE-2017-0440
CVE-2017-0441
CVE-2017-0442
CVE-2017-0443
CVE-2016-8476
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0449
Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges. CVE-2016-10044
Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. CVE-2016-8414
Information Disclosure Vulnerability in Qualcomm Sound Driver An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0451

黑莓安卓系统手机检查系统更新

设置Settings > 关于About > 系统更新System update > 检查更新Check for update.这里

rain

网站编辑 at BerryLink
黑莓控

Latest posts by rain (see all)

赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓发布搭载Android系统BlackBerry手机安全公告-2017年2月

评论 抢沙发

评论前必须登录!

 

喜欢一样东西,就要学会欣赏它,珍惜它,使它更弥足珍贵。

流年似水,岁月如歌,2005--2008--2010--2015--直到今天,为共同爱好走到一起的朋友。

加入我们团队成员

登录

找回密码

注册