BlackBerry has promised to deliver monthly security patches for the BlackBerry Priv, and so far it is making good on that promise.
The company has today rolled out the July security update to BlackBerry Priv devices purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
The following vulnerabilities have been remediated in this update:
[table style="table-striped"]
Summary | Description | CVE | ||
Remote Code Execution Vulnerabilities in Mediaserver | Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. | CVE-2016-2505 CVE-2016-2506 CVE-2016-2507 CVE-2016-2508 CVE-2016-3741 CVE-2016-3742 CVE-2016-3743 | ||
Remote Code Execution Vulnerability in OpenSSL & BoringSSL | A remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing. | CVE-2016-2108 | ||
Remote Code Execution Vulnerability in Bluetooth | A remote code execution vulnerability in Bluetooth could allow a proximal attacker to execute arbitrary code during the pairing process. | CVE-2016-3744 | ||
Elevation of Privilege Vulnerability in libpng | An elevation of privilege vulnerability in libpng could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-3751 | ||
Elevation of Privilege Vulnerabilities in Mediaserver | Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-3745 CVE-2016-3746 CVE-2016-3747 | ||
Elevation of Privilege Vulnerability in Sockets | An elevation of privilege vulnerability in sockets could enable a local malicious application to access system calls outside of its permissions level. | CVE-2016-3748 | ||
Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the Parcels Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2016-3750 | ||
Elevation of Privilege Vulnerability in ChooserTarget Service | An elevation of privilege vulnerability in the ChooserTarget service could enable a local malicious application to execute code in the context of another application. | CVE-2016-3752 | ||
Information Disclosure Vulnerability in OpenSSL | An information disclosure vulnerability in OpenSSL could enable a remote attacker to access protected data normally only accessible to locally installed apps that request permission. | CVE-2016-2107 | ||
Denial of Service Vulnerabilities in Mediaserver | Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-3754 CVE-2016-3755 CVE-2016-3756 | ||
Elevation of Privilege Vulnerability in lsof | An elevation of privilege vulnerability in lsof could enable a local malicious application to execute arbitrary code that could lead to a permanent device compromise. | CVE-2016-3757 | ||
Elevation of Privilege Vulnerability in DexClassLoader | An elevation of privilege vulnerability in the DexClassLoader could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-3758 | ||
Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to request backup permissions and intercept all backup data. | CVE-2016-3759 | ||
Elevation of Privilege Vulnerability in Bluetooth | An elevation of privilege vulnerability in the Bluetooth component could enable a local attacker to add an authenticated Bluetooth device that persists for the primary user. | CVE-2016-3760 | ||
Elevation of Privilege Vulnerability in NFC | An elevation of privilege vulnerability in NFC could enable a local malicious background application to access information from a foreground application. | CVE-2016-3761 | ||
Elevation of Privilege Vulnerability in Sockets | An elevation of privilege vulnerability in sockets could enable a local malicious application to gain access to certain uncommon socket types possibly leading to arbitrary code execution within the context of the kernel. | CVE-2016-3762 | ||
Information Disclosure Vulnerability in Proxy Auto-Config | An information disclosure vulnerability in the Proxy Auto-Config component could allow an application to access sensitive information. | CVE-2016-3763 | ||
Information Disclosure Vulnerabilities in Mediaserver | Information disclosure vulnerabilities in mediaserver could allow a local malicious application to access sensitive information. | CVE-2016-3764 CVE-2016-3765 | ||
Denial of Service Vulnerability in Mediaserver | A denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-3766 | ||
Elevation of Privilege Vulnerabilities in Qualcomm GPU Driver | Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2503 CVE-2016-2067 | ||
Elevation of Privilege Vulnerability in Qualcomm Performance Component | An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3768 | ||
Elevation of Privilege Vulnerability in Kernel File System | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3775 | ||
Elevation of Privilege Vulnerability in USB Driver | An elevation of privilege vulnerability in the USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8816 | ||
Elevation of Privilege Vulnerability in Qualcomm Components | An elevation of privilege vulnerability could enable a malicious application to execute code within the context of the kernel. | CVE-2014-9801 | ||
Elevation of Privilege Vulnerability in Qualcomm USB Driver | An elevation of privilege vulnerability in the Qualcomm USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2502 | ||
Elevation of Privilege Vulnerability in Qualcomm Camera Driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2501 | ||
Elevation of Privilege Vulnerabilities in Kernel File System | Elevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3802 CVE-2016-3803 | ||
Elevation of Privilege Vulnerability in Qualcomm Sound Driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2068 | ||
Elevation of Privilege Vulnerability in Kernel | An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9803 | ||
Information Disclosure Vulnerability in Networking Component | An information disclosure vulnerability in the networking component could enable a local malicious application to access data outside of its permission levels. | CVE-2016-3809 | ||
Elevation of Privilege Vulnerability in Kernel Video Driver | An elevation of privilege vulnerability in the kernel video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3811 | ||
Information Disclosure Vulnerability in Qualcomm USB Driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-3813 | ||
Information Disclosure Vulnerability in Kernel Teletype Driver | An information disclosure vulnerability in the teletype driver could enable a local malicious application to acces |
[/table]
If you own a Priv and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates.
Updated software builds may also be available from other retailers or carriers, depending on their deployment schedules.