BerryLink: Sharing, Passion, Persistence
To the beautiful things that have passed or are about to pass

BlackBerry Releases Security Bulletin for Android-Powered BlackBerry Phones - April 2017

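BlackBerry has published its April 2017 security bulletin for Android-powered BlackBerry phones (PRIV/DTEK). The update resolves known vulnerabilities in the Android system. BlackBerry has officially begun pushing the system update notification; once users receive it, they can install the update over the air (OTA) on Wi-Fi.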

The update covers the Android-powered BlackBerry models already on the market: BlackBerry PRIV, DTEK50 and DTEK60. The OTA rollout began on April 3.

This update fixes the following vulnerabilities:

| Summary | Description | CVE |
| --- | --- | --- |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543 |
| Elevation of privilege vulnerability in CameraBase | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. | CVE-2017-0544 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process | CVE-2017-0545 |
| Elevation of privilege vulnerability in SurfaceFlinger | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0546 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0547 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552 |
| Elevation of privilege vulnerability in libnl | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. | CVE-2017-0553 |
| Elevation of privilege vulnerability in Telephony | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. | CVE-2017-0554 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558 |
| Information disclosure vulnerability in libskia | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0559 |
| Information disclosure vulnerability in Factory Reset | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | CVE-2017-0560 |
| Remote code execution vulnerability in Broadcom Wi-Fi firmware | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | CVE-2017-0561 |
| Remote code execution vulnerability in Qualcomm crypto engine driver | A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10230 |
| Remote code execution vulnerability in kernel networking subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10229 |
| Elevation of privilege vulnerability in kernel ION subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0564 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2016-10237, CVE-2016-10238, CVE-2016-10239 |
| Remote code execution vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process | CVE-2016-10244 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-4656 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0575 |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0576 |
| Elevation of privilege vulnerability in DTS sound driver | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0578 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-10231 |
| Elevation of privilege vulnerability in Qualcomm video driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0579, CVE-2016-10232, CVE-2016-10233 |
| Elevation of privilege vulnerability in Qualcomm Seemp driver | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0462 |
| Elevation of privilege vulnerability in Qualcomm Kyro L2 driver | An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6423 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9922 |
| Information disclosure vulnerability in kernel networking subsystem | An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2014-3145 |
| Information disclosure vulnerability in Qualcomm IPA driver | An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10234 |
| Denial of service vulnerability in Qualcomm Wi-Fi driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. | CVE-2016-10235 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. | CVE-2016-7097 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6424 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8465 |
| Information disclosure vulnerability in kernel media driver | An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. | CVE-2014-1739 |
| Information disclosure vulnerability in Qualcomm Wi-Fi driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0584 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0585 |
| Information disclosure vulnerability in Qualcomm Avtimer driver | An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5346 |
| Information disclosure vulnerability in Qualcomm video driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6425 |
| Information disclosure vulnerability in Qualcomm USB driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10236 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0586 |
| Information disclosure vulnerability in Qualcomm SPMI driver | An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6426 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2014-9937, CVE-2014-9934 |

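BlackBerry is one of the few phone vendors worldwide that delivers system vulnerability updates and patches promptly. In its latest Android security report, Google specifically named BlackBerry as a vendor that keeps its users secure. In addition to its regular monthly updates, BlackBerry provides system patches to users as soon as a major security vulnerability is found in Android, keeping its users safe.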

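Please follow the content-sharing terms and keep the original author and link: 黑莓手机爱好者 » BlackBerry Releases Security Bulletin for Android-Powered BlackBerry Phones - April 2017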

Comments 3


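  1. #1

    So this means we can update even without getting around the firewall?

    大威 (kunitake), 3 years ago (2017-04-07)
  2. #2

    All I want to know is: 8.0 is already out, so when will the PRIV finally get the 7.0 update? Has it already been abandoned? If you treat everyone like this, how are we supposed to support BlackBerry?

    blackberrypriv, 3 years ago (2017-04-08)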
