Android-Sicherheitspatch-Update Januar verfügbar

PRIV_Update

BlackBerry hat damit begonnen das Android-Sicherheitspatch-Update für Januar 2017 auszurollen. Zunächst ist das Update nur für die Geräte welche bei ShopBlackBerry gekauft wurden und bei einigen Mobilfunk­anbieter verfügbar. Bleibt abzuwarten ob das DTEK50 zum DTEK60 und PRIV aufschließt. Im Dezember hat dieses nur das verspätete November-Update erhalten.

Das Update lässt sich in den Einstellungen unter dem Punkt Über das Telefon an der Android-Sicherheitspatch-Ebene 05. Januar 2017 identifizieren.

 

 
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.

 

Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.

Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.

Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.

Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.

Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.

In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.

Vulnerabilities Fixed in this Update:
Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver A remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0381
Remote Code Execution Vulnerability in Framesequence A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2017-0382
Elevation of Privilege Vulnerabilities in Audioserver Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0384
CVE-2017-0385
Elevation of Privilege Vulnerability in libnl An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0386
Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0387
Denial of Service Vulnerability in Core Networking A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. CVE-2017-0389
Denial of Service Vulnerabilities in Mediaserver Denial of service vulnerabilities in mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0390
CVE-2017-0391
CVE-2017-0392
CVE-2017-0393
Denial of Service Vulnerability in Telephony A denial of service vulnerability in telephony could enable a remote attacker to cause a device hang or reboot. CVE-2017-0394
Elevation of Privilege Vulnerability in Contacts An elevation of privilege vulnerability in contacts could enable a local malicious application to silently create contact information. CVE-2017-0395
Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0396
CVE-2017-0397
Information Disclosure Vulnerabilities in Audioserver Information disclosure vulnerabilities in audioserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0398
CVE-2017-0399
CVE-2017-0400
CVE-2017-0401
CVE-2017-0402
Elevation of Privilege Vulnerability in Kernel Memory Subsystem An elevation of privilege vulnerability in the kernel memory subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-3288
Elevation of Privilege Vulnerabilities in Qualcomm Bootloader Elevation of privilege vulnerabilities in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8422
CVE-2016-8423
Elevation of Privilege Vulnerability in Qualcomm GPU Driver An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel CVE-2016-8434
Vulnerabilities in Qualcomm Components These security vulnerabilities affect Qualcomm components, and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert. CVE-2016-8398
CVE-2016-8437
CVE-2016-8438
CVE-2016-8439
CVE-2016-8440
CVE-2016-8441
CVE-2016-8442
CVE-2016-8443
CVE-2016-8459
CVE-2016-5080
Elevation of Privilege Vulnerabilities in Qualcomm Camera Elevation of privilege vulnerabilities in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8412
CVE-2016-8444
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver An elevation of privilege vulnerability in the Qualcomm wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8415
Elevation of Privilege Vulnerability in Qualcomm Sound Driver An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel CVE-2016-8450
Elevation of Privilege Vulnerability in Kernel Security Subsystem An elevation of privilege vulnerability in kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-7042
Elevation of Privilege Vulnerability in Kernel Performance Subsystem An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0403
Elevation of Privilege Vulnerability in Kernel Sound Subsystem An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0404
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver An elevation of privilege vulnerability in the Qualcomm wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8452
Elevation of Privilege Vulnerability in Qualcomm Radio Driver An elevation of privilege vulnerability in the Qualcomm radio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-5345
Elevation of Privilege Vulnerability in Kernel Profiling Subsystem An elevation of privilege vulnerability in the kernel profiling subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-9754
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver Elevation of privilege vulnerabilities in the Broadcom wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8454
CVE-2016-8456
CVE-2016-8457
Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8458
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver Elevation of privilege vulnerabilities in the Broadcom wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8464
CVE-2016-8465
CVE-2016-8466
Information Disclosure Vulnerabilities in Qualcomm Audio Post Processor Information disclosure vulnerabilities in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. CVE-2017-0399
CVE-2017-0400
CVE-2017-0401
CVE-2017-0402

Kommentar veröffentlichen