BerryLink
Focused on BlackBerry, here for you

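BlackBerry Releases Security Bulletin for BlackBerry Phones Running Android - May 2017

BlackBerry has published its May 2017 security bulletin for BlackBerry phones running Android (PRIV/DTEK). The update addresses known vulnerabilities in the Android system, and BlackBerry has officially begun pushing the system update notification. Once the update arrives, users can install it over the air (OTA) while connected to Wi-Fi.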

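The update covers the BlackBerry Android phones already on the market: BlackBerry PRIV, DTEK50 and DTEK60. The official OTA rollout starts on May 1.

This update fixes the following vulnerabilities: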

| Summary | Description | CVE |
| --- | --- | --- |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0592, CVE-2017-0591, CVE-2017-0590, CVE-2017-0589, CVE-2017-0588, CVE-2017-0587 |
| Elevation of privilege vulnerability in Framework API | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. | CVE-2017-0593 |
| Elevation of privilege vulnerability in Mediaserver | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0596, CVE-2017-0595, CVE-2017-0594 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0597 |
| Information disclosure vulnerability in Framework API | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0598 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0600, CVE-2017-0599 |
| Information disclosure vulnerability in Bluetooth | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0602 |
| Information disclosure vulnerability in OpenSSL & BoringSSL | An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information. | CVE-2016-7056 |
| Denial of service vulnerability in Mediaserver | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0603 |
| Remote code execution vulnerability in GIFLIB | A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2015-7555 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9794 |
| Elevation of privilege vulnerability in Qualcomm power driver | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0604 |
| Elevation of privilege vulnerability in kernel trace subsystem | An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0605 |
| Remote code execution vulnerability in libxml2 | A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. | CVE-2016-5131 |
| Elevation of privilege vulnerability in kernel performance subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-9004 |
| Elevation of privilege vulnerability in Qualcomm sound driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5853, CVE-2017-0611, CVE-2017-0610, CVE-2016-5859, CVE-2017-0609, CVE-2017-0608, CVE-2017-0607, CVE-2016-5867, CVE-2016-5860, CVE-2017-0606 |
| Elevation of privilege vulnerability in Qualcomm ADSPRPC driver | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0465 |
| Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0614, CVE-2017-0613, CVE-2017-0612 |
| Elevation of privilege vulnerability in Qualcomm pin controller driver | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0619 |
| Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver | An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0620 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5862 |
| Elevation of privilege vulnerability in kernel voltage regulator driver | An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9940 |
| Elevation of privilege vulnerability in Qualcomm camera driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0621 |
| Elevation of privilege vulnerability in Qualcomm networking driver | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5868 |
| Elevation of privilege vulnerability in kernel networking subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-7184 |
| Elevation of privilege vulnerability in Goodix touchscreen driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0622 |
| Information disclosure vulnerability in Qualcomm crypto engine driver | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0626 |
| Information disclosure vulnerability in kernel UVC driver | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0627 |
| Information disclosure vulnerability in kernel trace subsystem | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0630 |
| Information disclosure vulnerability in Qualcomm camera driver | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0631, CVE-2017-0629, CVE-2017-0628 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5347 |
| Information disclosure vulnerability in Qualcomm sound codec driver | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0632, CVE-2016-5858 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. | CVE-2017-0633 |
| Information disclosure vulnerability in Synaptics touchscreen driver | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0634 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9958 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9959 |

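BlackBerry is one of the few handset makers worldwide that delivers system vulnerability updates and patches promptly. In its latest Android security report, Google specifically named BlackBerry as a vendor that can keep its users secure. Beyond its regular monthly updates, BlackBerry also provides system patches to users as soon as possible when a major security vulnerability is found in Android, keeping its users safe.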

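Please follow the sharing terms and retain the original author and link: 黑莓手机爱好者 (BlackBerry Phone Enthusiasts) » BlackBerry Releases Security Bulletin for BlackBerry Phones Running Android - May 2017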