BlackBerry has today rolled out the April 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
Google have made two security patches available and, as always, BlackBerry have incorporated the latest patch – April 5, 2017.
The following vulnerabilities have been remediated in this update:
Summary | Description | CVE
--- | --- | ---
Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543
Elevation of privilege vulnerability in CameraBase | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. | CVE-2017-0544
Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process | CVE-2017-0545
Elevation of privilege vulnerability in SurfaceFlinger | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0546
Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0547
Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552
Elevation of privilege vulnerability in libnl | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. | CVE-2017-0553
Elevation of privilege vulnerability in Telephony | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. | CVE-2017-0554
Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558
Information disclosure vulnerability in libskia | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0559
Information disclosure vulnerability in Factory Reset | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | CVE-2017-0560
Remote code execution vulnerability in Broadcom Wi-Fi firmware | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | CVE-2017-0561
Remote code execution vulnerability in Qualcomm crypto engine driver | A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10230
Remote code execution vulnerability in kernel networking subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10229
Elevation of privilege vulnerability in kernel ION subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0564
Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2016-10237, CVE-2016-10238, CVE-2016-10239
Remote code execution vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process | CVE-2016-10244
Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-4656
Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0575
Elevation of privilege vulnerability in Qualcomm crypto engine driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0576
Elevation of privilege vulnerability in DTS sound driver | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0578
Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-10231
Elevation of privilege vulnerability in Qualcomm video driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0579, CVE-2016-10232, CVE-2016-10233
Elevation of privilege vulnerability in Qualcomm Seemp driver | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0462
Elevation of privilege vulnerability in Qualcomm Kyro L2 driver | An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6423
Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9922
Information disclosure vulnerability in kernel networking subsystem | An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2014-3145
Information disclosure vulnerability in Qualcomm IPA driver | An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10234
Denial of service vulnerability in Qualcomm Wi-Fi driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. | CVE-2016-10235
Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. | CVE-2016-7097
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6424
Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8465
Information disclosure vulnerability in kernel media driver | An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. | CVE-2014-1739
Information disclosure vulnerability in Qualcomm Wi-Fi driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0584
Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0585
Information disclosure vulnerability in Qualcomm Avtimer driver | An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5346
Information disclosure vulnerability in Qualcomm video driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6425
Information disclosure vulnerability in Qualcomm USB driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10236
Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0586
Information disclosure vulnerability in Qualcomm SPMI driver | An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6426
Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2014-9937, CVE-2014-9934
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates. Look for the following Android security patch level: April 5, 2017.
Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.