Android-Sicherheitspatch-Update für März verfügbar

PRIV_Update

BlackBerry hat damit begonnen das Android-Sicherheitspatch-Update für März 2017 auszurollen. Zunächst ist das Update nur für die Geräte welche bei ShopBlackBerry gekauft wurden und bei einigen Mobilfunk­anbieter verfügbar.

Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 05. März 2017 identifizieren.

 

 
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.

 

Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.

Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.

Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.

Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.

Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.

In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.

Summary Description CVE
Remote Code Execution Vulnerability in OpenSSL & BoringSSL A remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing. CVE-2016-2182
Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0466
CVE-2017-0467
CVE-2017-0468
CVE-2017-0469
CVE-2017-0470
CVE-2017-0471
CVE-2017-0472
CVE-2017-0473
Elevation of Privilege Vulnerability in Recovery Verifier An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0475
Remote Code Execution Vulnerability in AOSP Messaging A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0476
Remote Code Execution Vulnerability in Framesequence Library A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2017-0478
Elevation of Privilege Vulnerabilities in Audioserver Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0479
CVE-2017-0480
Elevation of Privilege Vulnerability in NFC An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. CVE-2017-0481
Denial of Service Vulnerabilities in Mediaserver Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0482
CVE-2017-0483
CVE-2017-0484
CVE-2017-0485
CVE-2017-0486
CVE-2017-0487
CVE-2017-0488
Elevation of Privilege Vulnerability in Location Manager An elevation of privilege vulnerability in location manager could enable a local malicious application to bypass operating system protections for location data. CVE-2017-0489
Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. CVE-2017-0490
Elevation of Privilege Vulnerability in Package Manager An elevation of privilege vulnerability in package manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. CVE-2017-0491
Information Disclosure Vulnerability in AOSP Messaging An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. CVE-2017-0494
Information Disclosure Vulnerability in Mediaserver An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0495
Denial of Service Vulnerability in Setup Wizard A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. CVE-2017-0496
Denial of Service Vulnerability in Setup Wizard A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. CVE-2017-0498
Denial of Service Vulnerability in Audioserver A denial of service vulnerability in audioserver could enable a local malicious application to cause a device hang or reboot. CVE-2017-0499
Elevation of Privilege Vulnerabilities in Kernel ION Subsystem Elevation of privilege vulnerabilities in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0507
CVE-2017-0508
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0509
Elevation of Privilege Vulnerability in Qualcomm GPU Drive An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8479
Elevation of Privilege Vulnerabilities in Kernel Networking Subsystem Elevation of privilege vulnerabilities in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-9806
CVE-2016-10200
Vulnerability in Qualcomm Components A vulnerability in a Qualcomm component leading to elevation of privilege and information disclosure. CVE-2016-8484
Elevation of Privilege Vulnerabilities in Kernel Networking Subsystem Elevation of privilege vulnerabilities in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8655
CVE-2016-9793
Elevation of Privilege Vulnerability in Qualcomm Input Hardware Driver An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0516
Elevation of Privilege Vulnerability in Qualcomm ADSPRPC Driver An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0457
Elevation of Privilege Vulnerabilities in Qualcomm Fingerprint Sensor Driver Elevation of privilege vulnerabilities in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0518
CVE-2017-0519
Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0520
Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0458
CVE-2017-0521
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0464
CVE-2017-0453
CVE-2017-0523
Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0524
Elevation of Privilege Vulnerabilities in Qualcomm IPA Driver Elevation of privilege vulnerabilities in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0456
CVE-2017-0525
Elevation of Privilege Vulnerabilities in Qualcomm Networking Driver Elevation of privilege vulnerabilities in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0463
CVE-2017-0460
Elevation of Privilege Vulnerability in Qualcomm SPCom Driver An elevation of privilege vulnerability in the Qualcomm SPCom driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-5856
Information Disclosure Vulnerability in Qualcomm Bootloader An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to execute arbitrary code within the context of the bootloader. CVE-2017-0455
Information Disclosure Vulnerability in Qualcomm Power Driver An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-8483
Denial of Service Vulnerability in Kernel Cryptographic Subsystem A denial of service vulnerability in the kernel cryptographic subsystem could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. CVE-2016-8650
Elevation of Privilege Vulnerability in Qualcomm Camera Driver An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8417
Information Disclosure Vulnerabilities in Qualcomm Wi-Fi Driver Information disclosure vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0461
CVE-2017-0459
CVE-2017-0531
Information Disclosure Vulnerabilities in Qualcomm Video Driver Information disclosure vulnerabilities in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0533
CVE-2017-0534
CVE-2016-8416
CVE-2016-8478
Information Disclosure Vulnerabilities in Qualcomm Camera Driver Information disclosure vulnerabilities in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-8413
CVE-2016-8477
Information Disclosure Vulnerability in Synaptics Touchscreen Driver An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0536
Information Disclosure Vulnerability in Kernel USB Gadget Driver An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0537
Information Disclosure Vulnerability in Qualcomm Camera Driver An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0452

4 Kommentare zu “Android-Sicherheitspatch-Update für März verfügbar

  1. Auf meinem Priv bisher nicht erhältlich. Netz: 1&1/Vodafone. Android Marshmellow kam nach Kauf im September sofort, uch alle monatlichen Sicherheitspatches, das vom 5. Februar sogar schon am 3. Februar. Aber jetzt auch bei mehreren manuellen Abfragen NICHTS ! 1&1 gibt zunächst an: Lhier bei mir steht es -das Patch vom 5m März ist raus“, dann: “ das liegt am Gerät“, dann: „das liegt am Hersteller“

    Antworten

Kommentar veröffentlichen