BerryLink
专注黑莓,为你而在

黑莓发布搭载Android系统BlackBerry手机安全公告-2017年6月

黑莓官方发布2017年6月份搭载Android系统BlackBerry手机(PRIV/DTEK)安全公告,更新可解决之前Android系统存在已知系统漏洞,黑莓官方已正式发布系统更新推送升级提示,用户在收到更新后在WIFI环境下OTA更新即可。

androidshield

更新机型包含已上市黑莓安卓系统机型手机BlackBerry PRIV/DTEK50/DTEK60(新机KEYone及Aurora是否在列,还有待确定)。官方从6月5日开始OTA推送。

此次更新可修复如下漏洞:

Summary/摘要 Description/说明 CVE/漏洞编号
Remote code execution vulnerability in Mediaserver A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0637
Remote code execution vulnerability in libopenjpeg A remote code execution vulnerability in libopenjpeg could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. CVE-2016-8332
CVE-2015-8871
Remote code execution vulnerability in libxml2 A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. CVE-2017-7376
CVE-2017-0663
CVE-2016-4658
CVE-2016-5131
Denial of service vulnerability in Mediaserver A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0644
CVE-2017-0643
CVE-2017-0642
CVE-2017-0641
CVE-2017-0640
CVE-2017-0391
Elevation of privilege vulnerability in Bluetooth An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. CVE-2017-0645
Information disclosure vulnerability in Bluetooth An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. CVE-2017-0646
CVE-2017-0639
Information disclosure vulnerability in libziparch An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. CVE-2017-0647
Denial of service vulnerability in libxml2 A denial of service vulnerability in libxml2 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-1839
Elevation of privilege vulnerability in Qualcomm bootloader An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-7365
Elevation of privilege vulnerability in kernel FIQ debugger An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0648
Denial of service vulnerability in Qualcomm bootloader A denial of service vulnerability in the Qualcomm bootloader could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. CVE-2017-7367
Elevation of privilege vulnerability in Qualcomm sound driver An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-7369
CVE-2017-7368
Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-8242
Elevation of privilege vulnerability in Qualcomm camera driver An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-8235
CVE-2017-8234
CVE-2017-8233
Elevation of privilege vulnerability in Qualcomm IPA driver An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-8236
Elevation of privilege vulnerability in MStar touchscreen driver An elevation of privilege vulnerability in the MStar touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-6421
Elevation of privilege vulnerability in Qualcomm networking driver An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-8237
Update: Elevation of privilege vulnerability in Qualcomm video driver An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0579
CVE-2017-7373
CVE-2017-7372
CVE-2016-5861
CVE-2017-7370
Information disclosure vulnerability in Qualcomm camera driver An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-8239
Information disclosure vulnerability in Qualcomm pin controller driver An information disclosure vulnerability in the Qualcomm pin controller driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-8240
Update: Information disclosure vulnerability in Qualcomm voice service driver An information disclosure vulnerability in the Qualcomm voice service driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0451
Elevation of privilege vulnerability in Synaptics touchscreen driver An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0650
Information disclosure vulnerability in Qualcomm Wi-Fi driver An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-8241
Vulnerabilities in Qualcomm component Multiple vulnerabilities in Qualcomm components. CVE-2015-9033
Vulnerabilities in Qualcomm component Multiple vulnerabilities in Qualcomm components. CVE-2015-9050

黑莓官方是全球手机品牌厂商中为数不多能够及时提供系统漏洞更新与补丁的商家,GOOGLE在最新的Android安全报告中特别提到黑莓是能够保障用户安全的厂商,黑莓除了每月定期的更新外,还会在Android系统存在中大安全漏洞时第一时间为用户提供系统补丁,保障用户的使用安全。

请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓发布搭载Android系统BlackBerry手机安全公告-2017年6月

分享到:更多 ()

评论 抢沙发

评论前必须登录!

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员