BlackBerry has promised to deliver monthly security patches for its Android smartphones, and so far it is making good on that promise.
The company has today rolled out the February 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
The following vulnerabilities have been remediated in this update:
| Summary | Description | CVE |
| --- | --- | --- |
| Remote Code Execution Vulnerabilities in Mediaserver | Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0407 |
| Remote Code Execution Vulnerability in libstagefright | A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. | CVE-2017-0409 |
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0410 |
| Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0415 |
| Elevation of Privilege Vulnerabilities in Audioserver | Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0416, CVE-2017-0417, CVE-2017-0418, CVE-2017-0419 |
| Information Disclosure Vulnerabilities in AOSP Messaging | Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0413, CVE-2017-0414 |
| Information Disclosure Vulnerability in Framework APIs | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0421 |
| Denial of Service Vulnerability in Bionic DNS | A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. | CVE-2017-0422 |
| Elevation of Privilege Vulnerability in Bluetooth | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. | CVE-2017-0423 |
| Information Disclosure Vulnerability in AOSP Messaging | An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a specially crafted file to access data outside of its permission levels. | CVE-2017-0424 |
| Information Disclosure Vulnerability in Audioserver | An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0425 |
| Remote Code Execution Vulnerability in Qualcomm Crypto Driver | A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-8418 |
| Elevation of Privilege Vulnerability in Kernel File System | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0427 |
| Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0430 |
| Vulnerability in Qualcomm Components | A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations. | CVE-2017-0431 |
| Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8480 |
| Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver | Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8481, CVE-2017-0435, CVE-2017-0436 |
| Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver | Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2017-0440, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2016-8476 |
| Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0449 |
| Elevation of Privilege Vulnerability in Kernel File System | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges. | CVE-2016-10044 |
| Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator | An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. | CVE-2016-8414 |
| Information Disclosure Vulnerability in Qualcomm Sound Driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0451 |
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates. Look for the following Android security patch level: February 5, 2017.
Updated software builds may also be available from other retailers or carriers, depending on their deployment schedules.