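BlackBerry has released its May 2017 security bulletin for BlackBerry phones running Android (PRIV/DTEK). The update addresses previously known vulnerabilities in the Android system. BlackBerry has officially begun pushing the system update notification; once users receive it, they can install the update over the air (OTA) while connected to Wi-Fi.
The update covers the BlackBerry Android phones already on the market: BlackBerry PRIV, DTEK50 and DTEK60. The official OTA rollout began on May 1.
This update fixes the following vulnerabilities: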
| Summary | Description | CVE |
| --- | --- | --- |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0592, CVE-2017-0591, CVE-2017-0590, CVE-2017-0589, CVE-2017-0588, CVE-2017-0587 |
| Elevation of privilege vulnerability in Framework API | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. | CVE-2017-0593 |
| Elevation of privilege vulnerability in Mediaserver | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0596, CVE-2017-0595, CVE-2017-0594 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0597 |
| Information disclosure vulnerability in Framework API | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0598 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0600, CVE-2017-0599 |
| Information disclosure vulnerability in Bluetooth | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0602 |
| Information disclosure vulnerability in OpenSSL & BoringSSL | An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information. | CVE-2016-7056 |
| Denial of service vulnerability in Mediaserver | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0603 |
| Remote code execution vulnerability in GIFLIB | A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2015-7555 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9794 |
| Elevation of privilege vulnerability in Qualcomm power driver | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0604 |
| Elevation of privilege vulnerability in kernel trace subsystem | An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0605 |
| Remote code execution vulnerability in libxml2 | A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. | CVE-2016-5131 |
| Elevation of privilege vulnerability in kernel performance subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-9004 |
| Elevation of privilege vulnerability in Qualcomm sound driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5853, CVE-2017-0611, CVE-2017-0610, CVE-2016-5859, CVE-2017-0609, CVE-2017-0608, CVE-2017-0607, CVE-2016-5867, CVE-2016-5860, CVE-2017-0606 |
| Elevation of privilege vulnerability in Qualcomm ADSPRPC driver | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0465 |
| Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0614, CVE-2017-0613, CVE-2017-0612 |
| Elevation of privilege vulnerability in Qualcomm pin controller driver | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0619 |
| Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver | An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0620 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5862 |
| Elevation of privilege vulnerability in kernel voltage regulator driver | An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9940 |
| Elevation of privilege vulnerability in Qualcomm camera driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0621 |
| Elevation of privilege vulnerability in Qualcomm networking driver | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5868 |
| Elevation of privilege vulnerability in kernel networking subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-7184 |
| Elevation of privilege vulnerability in Goodix touchscreen driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0622 |
| Information disclosure vulnerability in Qualcomm crypto engine driver | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0626 |
| Information disclosure vulnerability in kernel UVC driver | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0627 |
| Information disclosure vulnerability in kernel trace subsystem | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0630 |
| Information disclosure vulnerability in Qualcomm camera driver | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0631, CVE-2017-0629, CVE-2017-0628 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5347 |
| Information disclosure vulnerability in Qualcomm sound codec driver | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0632, CVE-2016-5858 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. | CVE-2017-0633 |
| Information disclosure vulnerability in Synaptics touchscreen driver | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0634 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9958 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9959 |
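BlackBerry is one of the few phone manufacturers worldwide that delivers system vulnerability updates and patches promptly. In its latest Android security report, Google specifically noted BlackBerry as a vendor that can keep its users secure. In addition to its regular monthly updates, BlackBerry provides system patches as soon as a major security vulnerability is found in Android, keeping users safe.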