Highlighted

BlackBerry powered by Android Security Bulletin – May 2017

Novice

Just in case anyone was interested in what is not available from Verizon.

BlackBerry powered by Android Security Bulletin – May 2017

Purpose of this Bulletin

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (May 2017) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.

Back to top ↑

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary Description CVE

Remote code execution vulnerability in Mediaserver

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

CVE-2017-0592
CVE-2017-0591
CVE-2017-0590
CVE-2017-0589
CVE-2017-0588
CVE-2017-0587

Elevation of privilege vulnerability in Framework API

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions.

CVE-2017-0593

Elevation of privilege vulnerability in Mediaserver

An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.

CVE-2017-0596
CVE-2017-0595
CVE-2017-0594

Elevation of privilege vulnerability in Audioserver

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.

CVE-2017-0597

Information disclosure vulnerability in Framework API

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.

CVE-2017-0598

Denial of service vulnerability in Mediaserver

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

CVE-2017-0600
CVE-2017-0599

Information disclosure vulnerability in Bluetooth

An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications.

CVE-2017-0602

Information disclosure vulnerability in OpenSSL & BoringSSL

An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information.

CVE-2016-7056

Denial of service vulnerability in Mediaserver

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.

CVE-2017-0603

Remote code execution vulnerability in GIFLIB

A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

CVE-2015-7555

Elevation of privilege vulnerability in kernel sound subsystem

An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2016-9794

Elevation of privilege vulnerability in Qualcomm power driver

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0604

Elevation of privilege vulnerability in kernel trace subsystem

An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0605

Remote code execution vulnerability in libxml2

A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process.

CVE-2016-5131

Elevation of privilege vulnerability in kernel performance subsystem

An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2015-9004

Elevation of privilege vulnerability in Qualcomm sound driver

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2016-5853
CVE-2017-0611
CVE-2017-0610
CVE-2016-5859
CVE-2017-0609
CVE-2017-0608
CVE-2017-0607
CVE-2016-5867
CVE-2016-5860
CVE-2017-0606

Elevation of privilege vulnerability in Qualcomm ADSPRPC driver

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0465

Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0614
CVE-2017-0613
CVE-2017-0612

Elevation of privilege vulnerability in Qualcomm pin controller driver

An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0619

Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0620

Elevation of privilege vulnerability in Qualcomm sound codec driver

An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2016-5862

Elevation of privilege vulnerability in kernel voltage regulator driver

An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2014-9940

Elevation of privilege vulnerability in Qualcomm camera driver

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0621

Elevation of privilege vulnerability in Qualcomm networking driver

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2016-5868

Elevation of privilege vulnerability in kernel networking subsystem

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-7184

Elevation of privilege vulnerability in Goodix touchscreen driver

An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

CVE-2017-0622

Information disclosure vulnerability in Qualcomm crypto engine driver

An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0626

Information disclosure vulnerability in kernel UVC driver

An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0627

Information disclosure vulnerability in kernel trace subsystem

An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0630

Information disclosure vulnerability in Qualcomm camera driver

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0631
CVE-2017-0629
CVE-2017-0628

Information disclosure vulnerability in Qualcomm sound driver

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.

CVE-2016-5347

Information disclosure vulnerability in Qualcomm sound codec driver

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0632
CVE-2016-5858

Information disclosure vulnerability in Broadcom Wi-Fi driver

An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels.

CVE-2017-0633

Information disclosure vulnerability in Synaptics touchscreen driver

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels.

CVE-2017-0634

Vulnerabilities in Qualcomm component

Multiple vulnerabilities in Qualcomm components

CVE-2014-9958

Vulnerabilities in Qualcomm component Multiple vulnerabilities in Qualcomm components CVE-2014-9959
Labels (1)
0 Likes
Highlighted

Re: BlackBerry powered by Android Security Bulletin – May 2017

Novice

Thanks, checking often, hoping by now we would be seeing the May update release.

It's already been 10 days, I realize Verizon has to "test" the OS, but this is getting annoying.

0 Likes
Highlighted

Re: BlackBerry powered by Android Security Bulletin – May 2017

Novice

Other thread is locked. May update is rolling out.

Dated May 5, 2017

Build number AAL425

0 Likes