Android security patch update for November available for the DTEK60 and PRIV


BlackBerry has begun rolling out the Android security patch update for November. Initially, the update is available only for DTEK60 and PRIV devices purchased from ShopBlackBerry, and through some mobile carriers. The update for the DTEK50 will follow shortly.

The update can be identified in Settings under "About phone" by the Android security patch level 06 November 2016.

 

 
The update can be retrieved in Settings under "About phone" via the "System updates" item. The update is about 92 MB in size. It is therefore advisable to create a backup first (e.g. with MyPhoneExplorer). It is also advisable to run the update only over a connected Wi-Fi network and with the charger plugged in.

 

Update your BlackBerry smartphone powered by Android to the latest software today.

This update contains helpful improvements. Download it now to make your BlackBerry smartphone powered by Android even more secure and productive.

Updating your BlackBerry device is free and easy. You can keep using your device as usual during the update. As you know, we recommend creating a current backup file of your BlackBerry smartphone before updating. Tap "Download" to start the update.

Details of the issues fixed in this update are published at www.blackberry.com/bbsirt.

We recommend connecting to a Wi-Fi network before downloading the update. Downloading the update over the mobile network could incur additional charges.

The following expandable table lists all the security vulnerabilities closed by this update.

Vulnerabilities Fixed in this Update (expandable):

| Summary | Description | CVE |
| --- | --- | --- |
| Elevation of Privilege in Kernel Subsystem | An elevation of privilege vulnerability in the kernel memory management subsystem could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-5195 |
| Remote Code Execution Vulnerability in Android Runtime | A remote code execution vulnerability in an Android runtime library could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. | CVE-2016-6703 |
| Elevation of Privilege Vulnerabilities in Mediaserver | Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6704, CVE-2016-6705 |
| Elevation of Privilege Vulnerability in System Server | An elevation of privilege vulnerability in system server could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6707 |
| Information Disclosure Vulnerability in Conscrypt and BoringSSL | An information disclosure vulnerability in Conscrypt and BoringSSL could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. | CVE-2016-6709 |
| Information Disclosure Vulnerability in Download Manager | An information disclosure vulnerability in the download manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2016-6710 |
| Denial of Service Vulnerabilities in Mediaserver | Remote denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714 |
| Elevation of Privilege Vulnerability in Framework APIs | An elevation of privilege vulnerability in the Framework APIs could allow a local malicious application to record audio without the user's permission. | CVE-2016-6715 |
| Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2016-6717 |
| Elevation of Privilege Vulnerability in Bluetooth | An elevation of privilege vulnerability in the Bluetooth component could enable a local malicious application to pair with any Bluetooth device without user consent. | CVE-2016-6719 |
| Information Disclosure Vulnerabilities in Mediaserver | Information disclosure vulnerabilities in mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6720, CVE-2016-6721, CVE-2016-6722 |
| Denial of Service Vulnerability in Proxy Auto Config | A denial of service vulnerability in Proxy Auto Config could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2016-6723 |
| Denial of Service Vulnerability in Input Manager Service | A denial of service vulnerability in the Input Manager Service could enable a local malicious application to cause the device to continually reboot. | CVE-2016-6724 |
| Remote Code Execution Vulnerability in Qualcomm GPS Subsystem | A remote code execution vulnerability in the Qualcomm GPS subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-6727 |
| Remote Code Execution Vulnerability in Qualcomm Crypto Driver | A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-6725 |
| Elevation of Privilege Vulnerability in Kernel ION Subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6728 |
| Elevation of Privilege Vulnerability in Qualcomm Bootloader | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6729 |
| Elevation of Privilege Vulnerability in Kernel Networking Subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6828 |
| Elevation of Privilege Vulnerability in Kernel Sound Subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-2184 |
| Elevation of Privilege Vulnerabilities in Kernel File System | Elevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-7910, CVE-2016-7911, CVE-2015-8961 |
| Elevation of Privilege Vulnerability in Kernel SCSI Driver | An elevation of privilege vulnerability in the kernel SCSI driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8962 |
| Elevation of Privilege Vulnerability in Kernel USB Driver | An elevation of privilege vulnerability in the kernel USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-7912 |
| Elevation of Privilege Vulnerability in Kernel ION Subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6737 |
| Remote Code Execution Vulnerabilities in Expat | Multiple vulnerabilities exist in the Expat library, the most severe of which is an elevation of privilege vulnerability in the Expat XML parser, which could enable an attacker using a specially crafted file to execute arbitrary code in an unprivileged process. | CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283 |
| Remote Code Execution Vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process. | CVE-2014-9675 |
| Elevation of Privilege Vulnerability in Kernel System-call Auditing Subsystem | An elevation of privilege vulnerability in the kernel system-call auditing subsystem could enable a local malicious application to disrupt system-call auditing in the kernel. | CVE-2016-6136 |
| Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6738 |
| Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver | Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6739, CVE-2016-6740, CVE-2016-6741 |
| Elevation of Privilege Vulnerability in Qualcomm Bus Driver | An elevation of privilege vulnerability in the Qualcomm bus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-3904 |
| Elevation of Privilege Vulnerabilities in Synaptics Touchscreen Driver | Elevation of privilege vulnerabilities in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-6742, CVE-2016-6743, CVE-2016-6744, CVE-2016-6745 |
| Elevation of Privilege Vulnerability in Kernel Performance Subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-8963 |
| Information Disclosure Vulnerabilities in Kernel Components | Information disclosure vulnerabilities in kernel components including the human interface device driver, file system, and Teletype driver, could enable a local malicious application to access data outside of its permission levels. | CVE-2016-7914, CVE-2015-8964, CVE-2016-7915, CVE-2016-7916 |
| Information Disclosure Vulnerabilities in Qualcomm Components | Information disclosure vulnerabilities in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752 |
| Information Disclosure Vulnerabilities in Kernel Components | Information disclosure vulnerabilities in kernel components, including the process-grouping subsystem and the networking subsystem, could enable a local malicious application to access data outside of its permission levels. | CVE-2016-6753, CVE-2016-7917 |
