Android-Sicherheitspatch-Update für Februar verfügbar

PRIV_Update

BlackBerry hat damit begonnen das Android-Sicherheitspatch-Update für Februar 2017 auszurollen. Zunächst ist das Update nur für die Geräte welche bei ShopBlackBerry gekauft wurden und bei einigen Mobilfunk­anbieter verfügbar. Bleibt abzuwarten ob das DTEK50 zum DTEK60 und PRIV aufschließt. Im Dezember hat dieses nur das verspätete November-Update erhalten.

Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 05. Februar 2017 identifizieren.

 

 
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.

 

Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.

Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.

Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.

Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.

Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.

In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.

Vulnerabilities Fixed in this Update:
Summary Description CVE
Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0407
Remote Code Execution Vulnerability in libstagefright A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2017-0409
Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0410
Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0415
Elevation of Privilege Vulnerabilities in Audioserver Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0416
CVE-2017-0417
CVE-2017-0418
CVE-2017-0419
Information Disclosure Vulnerabilities in AOSP Messaging Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0413
CVE-2017-0414
Information Disclosure Vulnerability in Framework APIs An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0421
Denial of Service Vulnerability in Bionic DNS A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. CVE-2017-0422
Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. CVE-2017-0423
Information Disclosure Vulnerability in AOSP Messaging An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. CVE-2017-0424
Information Disclosure Vulnerability in Audioserver An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0425
Remote Code Execution Vulnerability in Qualcomm Crypto Driver A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-8418
Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0427
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0430
Vulnerability in Qualcomm Components A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations. CVE-2017-0431
Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8480
Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8481
CVE-2017-0435
CVE-2017-0436
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0437
CVE-2017-0438
CVE-2017-0439
CVE-2016-8419
CVE-2016-8420
CVE-2016-8421
CVE-2017-0440
CVE-2017-0441
CVE-2017-0442
CVE-2017-0443
CVE-2016-8476
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0449
Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges. CVE-2016-10044
Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. CVE-2016-8414
Information Disclosure Vulnerability in Qualcomm Sound Driver An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0451

Kommentar veröffentlichen