黑莓官方发布2017年2月份搭载Android系统BlackBerry手机(PRIV/DTEK)安全公告,此次更新主要修复高通官方已披露的漏洞以及部分已知Android系统漏洞。
更新机型包含已上市黑莓安卓系统机型手机BlackBerry PRIV/DTEK50/DTEK60. 官方从2月5日开始OTA推送。
此次更新可修复如下漏洞:
Summary/摘要 | Description/说明 | CVE/漏洞编号 | ||
Remote Code Execution Vulnerabilities in Mediaserver | Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0407 | ||
Remote Code Execution Vulnerability in libstagefright | A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. | CVE-2017-0409 | ||
Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0410 | ||
Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0415 | ||
Elevation of Privilege Vulnerabilities in Audioserver | Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0416 CVE-2017-0417 CVE-2017-0418 CVE-2017-0419 |
||
Information Disclosure Vulnerabilities in AOSP Messaging | Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0413 CVE-2017-0414 |
||
Information Disclosure Vulnerability in Framework APIs | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0421 | ||
Denial of Service Vulnerability in Bionic DNS | A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. | CVE-2017-0422 | ||
Elevation of Privilege Vulnerability in Bluetooth | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. | CVE-2017-0423 | ||
Information Disclosure Vulnerability in AOSP Messaging | An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. | CVE-2017-0424 | ||
Information Disclosure Vulnerability in Audioserver | An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0425 | ||
Remote Code Execution Vulnerability in Qualcomm Crypto Driver | A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-8418 | ||
Elevation of Privilege Vulnerability in Kernel File System | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0427 | ||
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0430 | ||
Vulnerability in Qualcomm Components | A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations. | CVE-2017-0431 | ||
Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8480 | ||
Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver | Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8481 CVE-2017-0435 CVE-2017-0436 |
||
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver | Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0437 CVE-2017-0438 CVE-2017-0439 CVE-2016-8419 CVE-2016-8420 CVE-2016-8421 CVE-2017-0440 CVE-2017-0441 CVE-2017-0442 CVE-2017-0443 CVE-2016-8476 |
||
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0449 | ||
Elevation of Privilege Vulnerability in Kernel File System | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges. | CVE-2016-10044 | ||
Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator | An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. | CVE-2016-8414 | ||
Information Disclosure Vulnerability in Qualcomm Sound Driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0451 |
黑莓安卓系统手机检查系统更新
设置Settings > 关于About > 系统更新System update > 检查更新Check for update.这里
Latest posts by rain (see all)
- 黑莓PlayBook平板电脑激活修复教程2023 - 2023年12月31日
- 黑莓官方周边配件盘点 - 2023年9月13日
- 黑莓KEY3真机照片曝光? - 2023年4月8日
评论前必须登录!
注册