- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just in case anyone was interested in what is not available from Verizon.
BlackBerry powered by Android Security Bulletin – May 2017
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (May 2017) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
The following vulnerabilities have been remediated in this update:
| Summary | Description | CVE | ||
Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0592 | ||
Elevation of privilege vulnerability in Framework API | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. | CVE-2017-0593 | ||
Elevation of privilege vulnerability in Mediaserver | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0596 | ||
Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0597 | ||
Information disclosure vulnerability in Framework API | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0598 | ||
Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0600 | ||
Information disclosure vulnerability in Bluetooth | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0602 | ||
Information disclosure vulnerability in OpenSSL & BoringSSL | An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information. | CVE-2016-7056 | ||
Denial of service vulnerability in Mediaserver | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0603 | ||
Remote code execution vulnerability in GIFLIB | A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2015-7555 | ||
Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9794 | ||
Elevation of privilege vulnerability in Qualcomm power driver | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0604 | ||
Elevation of privilege vulnerability in kernel trace subsystem | An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0605 | ||
Remote code execution vulnerability in libxml2 | A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. | CVE-2016-5131 | ||
Elevation of privilege vulnerability in kernel performance subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-9004 | ||
Elevation of privilege vulnerability in Qualcomm sound driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5853 | ||
Elevation of privilege vulnerability in Qualcomm ADSPRPC driver | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0465 | ||
Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0614 | ||
Elevation of privilege vulnerability in Qualcomm pin controller driver | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0619 | ||
Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver | An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0620 | ||
Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5862 | ||
Elevation of privilege vulnerability in kernel voltage regulator driver | An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9940 | ||
Elevation of privilege vulnerability in Qualcomm camera driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0621 | ||
Elevation of privilege vulnerability in Qualcomm networking driver | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5868 | ||
Elevation of privilege vulnerability in kernel networking subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-7184 | ||
Elevation of privilege vulnerability in Goodix touchscreen driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0622 | ||
Information disclosure vulnerability in Qualcomm crypto engine driver | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0626 | ||
Information disclosure vulnerability in kernel UVC driver | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0627 | ||
Information disclosure vulnerability in kernel trace subsystem | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0630 | ||
Information disclosure vulnerability in Qualcomm camera driver | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0631 | ||
Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5347 | ||
Information disclosure vulnerability in Qualcomm sound codec driver | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0632 | ||
Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. | CVE-2017-0633 | ||
Information disclosure vulnerability in Synaptics touchscreen driver | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0634 | ||
Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9958 | ||
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9959 |
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, checking often, hoping by now we would be seeing the May update release.
It's already been 10 days, I realize Verizon has to "test" the OS, but this is getting annoying.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Other thread is locked. May update is rolling out.
Dated May 5, 2017
Build number AAL425