Das Roll-Out des BlackBerry Android-Sicherheitspatch-Update für April ist bereits in vollen Gange. Hier im Beitrag nun die geschlossenen Sicherheitslücken und Details zur Android-Sicherheitspatch-Ebene.
Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 01. April 2017 identifizieren.
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.
Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.
Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.
Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.
Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.
Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.
In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.
| Summary | Description | CVE |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0538 CVE-2017-0539 CVE-2017-0540 CVE-2017-0541 CVE-2017-0542 CVE-2017-0543 |
| Elevation of privilege vulnerability in CameraBase | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. | CVE-2017-0544 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process | CVE-2017-0545 |
| Elevation of privilege vulnerability in SurfaceFlinger | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0546 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0547 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0549 CVE-2017-0550 CVE-2017-0551 CVE-2017-0552 |
| Elevation of privilege vulnerability in libnl | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. | CVE-2017-0553 |
| Elevation of privilege vulnerability in Telephony | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. | CVE-2017-0554 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0555 CVE-2017-0556 CVE-2017-0557 CVE-2017-0558 |
| Information disclosure vulnerability in libskia | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0559 |
| Information disclosure vulnerability in Factory Reset | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | CVE-2017-0560 |
| Remote code execution vulnerability in Broadcom Wi-Fi firmware | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | CVE-2017-0561 |
| Remote code execution vulnerability in Qualcomm crypto engine driver | A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10230 |
| Remote code execution vulnerability in kernel networking subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10229 |
| Elevation of privilege vulnerability in kernel ION subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0564 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2016-10237 CVE-2016-10238 CVE-2016-10239 |
| Remote code execution vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process | CVE-2016-10244 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-4656 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0567 CVE-2017-0568 CVE-2017-0569 CVE-2017-0570 CVE-2017-0571 CVE-2017-0572 CVE-2017-0573 CVE-2017-0574 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0575 |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0576 |
| Elevation of privilege vulnerability in DTS sound driver | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0578 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-10231 |
| Elevation of privilege vulnerability in Qualcomm video driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0579 CVE-2016-10232 CVE-2016-10233 |
| Elevation of privilege vulnerability in Qualcomm Seemp driver | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0462 |
| Elevation of privilege vulnerability in Qualcomm Kyro L2 driver | An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6423 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9922 |
| Information disclosure vulnerability in kernel networking subsystem | An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2014-3145 |
| Information disclosure vulnerability in Qualcomm IPA driver | An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10234 |
| Denial of service vulnerability in Qualcomm Wi-Fi driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. | CVE-2016-10235 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. | CVE-2016-7097 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6424 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8465 |
| Information disclosure vulnerability in kernel media driver | An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. | CVE-2014-1739 |
| Information disclosure vulnerability in Qualcomm Wi-Fi driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0584 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0585 |
| Information disclosure vulnerability in Qualcomm Avtimer driver | An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5346 |
| Information disclosure vulnerability in Qualcomm video driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6425 |
| Information disclosure vulnerability in Qualcomm USB driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10236 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0586 |
| Information disclosure vulnerability in Qualcomm SPMI driver | An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6426 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2014-9937 CVE-2014-9934 |
