BerryLink
专注黑莓,为你而在

黑莓官方发布搭载Android系统BlackBerry手机安全公告-2017年3月

黑莓官方发布2017年3月份搭载Android系统BlackBerry手机(PRIV/DTEK50/DTEK60)系统安全公告,此次更新主要修复高通官方已披露的漏洞以及部分已知Android系统漏洞。Android Securityandroidshield更新机型包含已上市黑莓安卓系统机型手机BlackBerry PRIV/DTEK50/DTEK60. 官方从3月4日开始OTA推送。

此次更新可修复如下漏洞:

Summary/摘要 Description/说明 CVE/漏洞编号
Remote Code Execution Vulnerability in OpenSSL & BoringSSL   A remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing.   CVE-2016-2182
Remote Code Execution Vulnerabilities in Mediaserver   Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.   CVE-2017-0466
CVE-2017-0467
CVE-2017-0468
CVE-2017-0469
CVE-2017-0470
CVE-2017-0471
CVE-2017-0472
CVE-2017-0473
Elevation of Privilege Vulnerability in Recovery Verifier   An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0475
Remote Code Execution Vulnerability in AOSP Messaging   A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.   CVE-2017-0476
Remote Code Execution Vulnerability in Framesequence Library   A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.   CVE-2017-0478
Elevation of Privilege Vulnerabilities in Audioserver   Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.   CVE-2017-0479
CVE-2017-0480
Elevation of Privilege Vulnerability in NFC   An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process.   CVE-2017-0481
Denial of Service Vulnerabilities in Mediaserver   Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.   CVE-2017-0482
CVE-2017-0483
CVE-2017-0484
CVE-2017-0485
CVE-2017-0486
CVE-2017-0487
CVE-2017-0488
Elevation of Privilege Vulnerability in Location Manager   An elevation of privilege vulnerability in location manager could enable a local malicious application to bypass operating system protections for location data.   CVE-2017-0489
Elevation of Privilege Vulnerability in Wi-Fi   An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data.   CVE-2017-0490
Elevation of Privilege Vulnerability in Package Manager   An elevation of privilege vulnerability in package manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications.   CVE-2017-0491
Information Disclosure Vulnerability in AOSP Messaging   An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels.   CVE-2017-0494
Information Disclosure Vulnerability in Mediaserver   An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0495
Denial of Service Vulnerability in Setup Wizard   A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device.   CVE-2017-0496
Denial of Service Vulnerability in Setup Wizard   A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset.   CVE-2017-0498
Denial of Service Vulnerability in Audioserver   A denial of service vulnerability in audioserver could enable a local malicious application to cause a device hang or reboot.   CVE-2017-0499
Elevation of Privilege Vulnerabilities in Kernel ION Subsystem   Elevation of privilege vulnerabilities in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0507
CVE-2017-0508
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver   An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0509
Elevation of Privilege Vulnerability in Qualcomm GPU Driver   An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-8479
Elevation of Privilege Vulnerabilities in Kernel Networking Subsystem   Elevation of privilege vulnerabilities in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-9806
CVE-2016-10200
Vulnerability in Qualcomm Components   A vulnerability in a Qualcomm component leading to elevation of privilege and information disclosure.   CVE-2016-8484
Elevation of Privilege Vulnerabilities in Kernel Networking Subsystem   Elevation of privilege vulnerabilities in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-8655
CVE-2016-9793
Elevation of Privilege Vulnerability in Qualcomm Input Hardware Driver   An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0516
Elevation of Privilege Vulnerability in Qualcomm ADSPRPC Driver   An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0457
Elevation of Privilege Vulnerabilities in Qualcomm Fingerprint Sensor Driver   Elevation of privilege vulnerabilities in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0518
CVE-2017-0519
Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver   An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0520
Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver   Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0458
CVE-2017-0521
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver   Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0464
CVE-2017-0453
CVE-2017-0523
Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver   An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0524
Elevation of Privilege Vulnerabilities in Qualcomm IPA Driver   Elevation of privilege vulnerabilities in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0456
CVE-2017-0525
Elevation of Privilege Vulnerabilities in Qualcomm Networking Driver   Elevation of privilege vulnerabilities in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0463
CVE-2017-0460
Elevation of Privilege Vulnerability in Qualcomm SPCom Driver   An elevation of privilege vulnerability in the Qualcomm SPCom driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-5856
Information Disclosure Vulnerability in Qualcomm Bootloader   An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to execute arbitrary code within the context of the bootloader.   CVE-2017-0455
Information Disclosure Vulnerability in Qualcomm Power Driver   An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels.   CVE-2016-8483
Denial of Service Vulnerability in Kernel Cryptographic Subsystem   A denial of service vulnerability in the kernel cryptographic subsystem could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot.   CVE-2016-8650
Elevation of Privilege Vulnerability in Qualcomm Camera Driver   An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-8417
Information Disclosure Vulnerabilities in Qualcomm Wi-Fi Driver   Information disclosure vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0461
CVE-2017-0459
CVE-2017-0531
Information Disclosure Vulnerabilities in Qualcomm Video Driver   Information disclosure vulnerabilities in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0533
CVE-2017-0534
CVE-2016-8416
CVE-2016-8478
Information Disclosure Vulnerabilities in Qualcomm Camera Driver   Information disclosure vulnerabilities in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.   CVE-2016-8413
CVE-2016-8477
Information Disclosure Vulnerability in Synaptics Touchscreen Driver   An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0536
Information Disclosure Vulnerability in Kernel USB Gadget Driver   An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0537
Information Disclosure Vulnerability in Qualcomm Camera Driver   An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0452

使用安卓系统黑莓手机用户可以等待官方的系统更新提示,也可以手动检查更新。
设置\Settings>关于手机\About Phone

*不同国家地区及运营商,接收系统更新的时间及更新文件大小会有不同

berrylink

berrylink

网站编辑 at BerryLink
黑莓,为你而在....
热情,奉献,坚持——发自内心的喜爱.
berrylink
赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓官方发布搭载Android系统BlackBerry手机安全公告-2017年3月
分享到: 更多 (0)

评论 抢沙发

评论前必须登录!

 

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员