BlackBerry has promised to deliver security patches on a monthly basis for its Android smartphones, and so far it is making good on that promise.
The company has today rolled out the January 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
The following vulnerabilities have been remediated in this update:
[table style="table-striped"]
Summary | Description | CVE
Remote Code Execution Vulnerability in Mediaserver | A remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0381
Remote Code Execution Vulnerability in Framesequence | A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. | CVE-2017-0382
Elevation of Privilege Vulnerabilities in Audioserver | Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0384 CVE-2017-0385
Elevation of Privilege Vulnerability in libnl | An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0386
Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0387
Denial of Service Vulnerability in Core Networking | A denial of service vulnerability in core networking could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. | CVE-2017-0389
Denial of Service Vulnerabilities in Mediaserver | Denial of service vulnerabilities in mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0390 CVE-2017-0391 CVE-2017-0392 CVE-2017-0393
Denial of Service Vulnerability in Telephony | A denial of service vulnerability in telephony could enable a remote attacker to cause a device hang or reboot. | CVE-2017-0394
Elevation of Privilege Vulnerability in Contacts | An elevation of privilege vulnerability in contacts could enable a local malicious application to silently create contact information. | CVE-2017-0395
Information Disclosure Vulnerabilities in Mediaserver | Information disclosure vulnerabilities in mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0396 CVE-2017-0397
Information Disclosure Vulnerabilities in Audioserver | Information disclosure vulnerabilities in audioserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0398 CVE-2017-0399 CVE-2017-0400 CVE-2017-0401 CVE-2017-0402
Elevation of Privilege Vulnerability in Kernel Memory Subsystem | An elevation of privilege vulnerability in the kernel memory subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-3288
Elevation of Privilege Vulnerabilities in Qualcomm Bootloader | Elevation of privilege vulnerabilities in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8422 CVE-2016-8423
Elevation of Privilege Vulnerability in Qualcomm GPU Driver | An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8434
Vulnerabilities in Qualcomm Components | These security vulnerabilities affect Qualcomm components, and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert. | CVE-2016-8398 CVE-2016-8437 CVE-2016-8438 CVE-2016-8439 CVE-2016-8440 CVE-2016-8441 CVE-2016-8442 CVE-2016-8443 CVE-2016-8459 CVE-2016-5080
Elevation of Privilege Vulnerabilities in Qualcomm Camera | Elevation of privilege vulnerabilities in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8412 CVE-2016-8444
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8415
Elevation of Privilege Vulnerability in Qualcomm Sound Driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8450
Elevation of Privilege Vulnerability in Kernel Security Subsystem | An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-7042
Elevation of Privilege Vulnerability in Kernel Performance Subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0403
Elevation of Privilege Vulnerability in Kernel Sound Subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0404
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8452
Elevation of Privilege Vulnerability in Qualcomm Radio Driver | An elevation of privilege vulnerability in the Qualcomm radio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5345
Elevation of Privilege Vulnerability in Kernel Profiling Subsystem | An elevation of privilege vulnerability in the kernel profiling subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9754
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver | Elevation of privilege vulnerabilities in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8454 CVE-2016-8456 CVE-2016-8457
Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8458
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver | Elevation of privilege vulnerabilities in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8464 CVE-2016-8465 CVE-2016-8466
Information Disclosure Vulnerabilities in Qualcomm Audio Post Processor | Information disclosure vulnerabilities in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0399 CVE-2017-0400 CVE-2017-0401 CVE-2017-0402
[/table]
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates. Look for the following Android security patch level: January 5, 2017.
Updated software builds may also be available from other retailers or carriers, depending on their deployment schedules.
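For anyone managing more than one handset, the patch-level check described above can be scripted. The following is an added example, not part of the original post or any BlackBerry tooling: it classifies devices against the January 5, 2017 level, assuming the level is read from the standard Android property `ro.build.version.security_patch` (format YYYY-MM-DD); the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Android security patch levels against this update.
# "January 5, 2017" from the article, in the property's YYYY-MM-DD form.
REQUIRED_LEVEL="2017-01-05"

# Print a patch level as a comparable integer (2017-01-05 -> 20170105).
# Fails on anything that is not strictly YYYY-MM-DD.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# classify_level LEVEL -> prints PATCHED, OUTDATED or UNKNOWN.
# UNKNOWN covers empty or malformed values, which should be investigated
# rather than silently treated as patched.
classify_level() {
    have=$(level_to_int "$1") || { echo UNKNOWN; return 0; }
    want=$(level_to_int "$REQUIRED_LEVEL")
    if [ "$have" -ge "$want" ]; then echo PATCHED; else echo OUTDATED; fi
}

# Read "serial patch_level" lines on stdin, print one status line per device.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s %s\n' "$serial" "${level:-none}" "$(classify_level "$level")"
    done
}

# Constructed sample inventory (serials are made up). On a live device the
# second column would come from:
#   adb -s SERIAL shell getprop ro.build.version.security_patch
sample_inventory() {
    cat <<'EOF'
SAMPLE0001 2017-01-05
SAMPLE0002 2017-01-01
SAMPLE0003 2016-12-05
SAMPLE0004
SAMPLE0005 2017-02-01
EOF
}

sample_inventory | audit_inventory
```

A device reporting `2017-01-01` is flagged as OUTDATED because it is below the level this update names.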