BlackBerry have promised to deliver security patches on a monthly basis for the BlackBerry Priv, and so far they are keeping good on that promise.
The company has today rolled out the June Security upgrade to BlackBerry Priv’s that have been purchased from ShopBlackBerry.com.
The following vulnerabilities have been remediated in this update:
[table style=”table-striped”]
| Summary | Description | CVE | ||
| Remote Code Execution Vulnerability in Mediaserver | A remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. |
CVE-2016-2463 | ||
| Remote Code Execution Vulnerabilities in libwebm | Remote code execution vulnerabilities with libwebm could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. |
CVE-2016-2464 | ||
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2465 | ||
| Elevation of Privilege Vulnerabilities in Qualcomm GPU Driver | Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2468 CVE-2016-2062 |
||
| Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to invoke system calls changing the device settings and behavior without the privileges to do so. | CVE-2016-2475 | ||
| Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver | Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2066 CVE-2016-2469 |
||
| Elevation of Privilege Vulnerabilities in Mediaserver | Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-2476 CVE-2016-2477 CVE-2016-2478 CVE-2016-2479 CVE-2016-2480 CVE-2016-2481 CVE-2016-2482 CVE-2016-2483 CVE-2016-2484 CVE-2016-2485 CVE-2016-2486 CVE-2016-2487 |
||
| Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver | Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2061 CVE-2016-2488 |
||
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2489 | ||
| Elevation of Privilege Vulnerability in SD Card Emulation Layer | An elevation of privilege vulnerability in the SD Card userspace emulation layer could enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-2494 | ||
| Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2493 | ||
| Remote Denial of Service Vulnerability in Mediaserver | A remote denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-2495 | ||
| Elevation of Privilege Vulnerability in Framework UI | An elevation of privilege vulnerability in the Framework UI permission dialog window could enable an attacker to gain access to unauthorized files in private storage. | CVE-2016-2496 | ||
| Information Disclosure Vulnerability in Mediaserver | An information disclosure vulnerability in mediaserver could allow an application to access sensitive information. | CVE-2016-2499 | ||
| Information Disclosure Vulnerability in Activity Manager | An information disclosure vulnerability in the Activity Manager component could allow an application to access sensitive information. |
[/table]
If you own a Priv and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually.
