BlackBerry have promised to deliver security patches on a monthly basis for their Android smartphones and so far they are keeping good on that promise.
The company has today rolled out the December 2016 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
The following vulnerabilities have been remediated in this update:
| Summary | Description | CVE | ||
| Elevation of Privilege Vulnerability in Libziparchive | An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6762 | ||
| Denial of Service Vulnerability in Telephony | A denial of service vulnerability in telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. | CVE-2016-6763 | ||
| Denial of Service Vulnerabilities in Mediaserver | Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-6766 CVE-2016-6765 CVE-2016-6764 |
||
| Remote Code Execution Vulnerability in Framesequence Library | A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. | CVE-2016-6768 | ||
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. | CVE-2016-6770 | ||
| Elevation of Privilege Vulnerability in Telephony | An elevation of privilege vulnerability in telephony could enable a local malicious application to access system functions beyond its access level. | CVE-2016-6771 | ||
| Elevation of Privilege Vulnerability in Wi-Fi | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6772 | ||
| Information Disclosure Vulnerability in Mediaserver | An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6773 | ||
| Elevation of Privilege Vulnerability in Qualcomm MSM Interface | An elevation of privilege vulnerability in the Qualcomm MSM interface could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8411 | ||
| Elevation of Privilege Vulnerability in Kernel | An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8966 | ||
| Elevation of Privilege Vulnerability in Kernel ION Driver | An elevation of privilege vulnerability in the kernel ION driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9120 | ||
| Elevation of Privilege Vulnerability in Kernel | An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8967 | ||
| Elevation of Privilege Vulnerabilities in Qualcomm Media Codecs | Elevation of privilege vulnerabilities in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6758 CVE-2016-6759 CVE-2016-6760 CVE-2016-6761 |
||
| Elevation of Privilege Vulnerability in Qualcomm Camera Driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6755 | ||
| Elevation of Privilege Vulnerabilities in Kernel Performance Subsystem | Elevation of privilege vulnerabilities in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6786 CVE-2016-6787 |
||
| Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver | Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6791 CVE-2016-8391 CVE-2016-8392 |
||
| Elevation of Privilege Vulnerability in Kernel Security Subsystem | An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-7872 | ||
| Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver | Elevation of privilege vulnerabilities in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9909 CVE-2014-9910 |
||
| Denial of Service Vulnerability in GPS | A denial of service vulnerability in the Qualcomm GPS component could enable a remote attacker to cause a device hang or reboot. | CVE-2016-5341 | ||
| Elevation of Privilege Vulnerability in Kernel Networking Subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8399 | ||
| Information Disclosure Vulnerabilities in Qualcomm Components | Information disclosure vulnerabilities in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6756 CVE-2016-6757 |
||
| Information Disclosure Vulnerabilities in Kernel Components | Information disclosure vulnerabilities in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2016-8401 CVE-2016-8402 CVE-2016-8403 CVE-2016-8404 CVE-2016-8405 CVE-2016-8406 CVE-2016-8407 |
||
| Information Disclosure Vulnerability in Qualcomm Sound Driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-8410 |
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually.
Look for the following Android security patch level: December 5, 2016.
Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.
