Android-Sicherheitspatch-Update für April verfügbar

Das Roll-Out des BlackBerry Android-Sicherheitspatch-Update für April ist bereits in vollen Gange. Hier im Beitrag nun die geschlossenen Sicherheitslücken und Details zur Android-Sicherheitspatch-Ebene.

Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 01. April 2017 identifizieren.

 

 
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.

 

Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.

Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.

Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.

Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.

Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.

In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.

Summary Description CVE
Remote code execution vulnerability in Mediaserver A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0538
CVE-2017-0539
CVE-2017-0540
CVE-2017-0541
CVE-2017-0542
CVE-2017-0543
Elevation of privilege vulnerability in CameraBase An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. CVE-2017-0544
Elevation of privilege vulnerability in Audioserver An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process CVE-2017-0545
Elevation of privilege vulnerability in SurfaceFlinger An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0546
Information disclosure vulnerability in Mediaserver An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0547
Denial of service vulnerability in Mediaserver A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0549
CVE-2017-0550
CVE-2017-0551
CVE-2017-0552
Elevation of privilege vulnerability in libnl An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. CVE-2017-0553
Elevation of privilege vulnerability in Telephony An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. CVE-2017-0554
Information disclosure vulnerability in Mediaserver An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0555
CVE-2017-0556
CVE-2017-0557
CVE-2017-0558
Information disclosure vulnerability in libskia An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. CVE-2017-0559
Information disclosure vulnerability in Factory Reset An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. CVE-2017-0560
Remote code execution vulnerability in Broadcom Wi-Fi firmware A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. CVE-2017-0561
Remote code execution vulnerability in Qualcomm crypto engine driver A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-10230
Remote code execution vulnerability in kernel networking subsystem A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-10229
Elevation of privilege vulnerability in kernel ION subsystem An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0564
Vulnerabilities in Qualcomm components Multiple vulnerabilities in Qualcomm components CVE-2016-10237
CVE-2016-10238
CVE-2016-10239
Remote code execution vulnerability in Freetype A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process CVE-2016-10244
Elevation of privilege vulnerability in kernel sound subsystem An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-4656
Elevation of privilege vulnerability in Broadcom Wi-Fi driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0567
CVE-2017-0568
CVE-2017-0569
CVE-2017-0570
CVE-2017-0571
CVE-2017-0572
CVE-2017-0573
CVE-2017-0574
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0575
Elevation of privilege vulnerability in Qualcomm crypto engine driver An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0576
Elevation of privilege vulnerability in DTS sound driver An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0578
Elevation of privilege vulnerability in Qualcomm sound codec driver An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-10231
Elevation of privilege vulnerability in Qualcomm video driver An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0579
CVE-2016-10232
CVE-2016-10233
Elevation of privilege vulnerability in Qualcomm Seemp driver An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0462
Elevation of privilege vulnerability in Qualcomm Kyro L2 driver An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-6423
Elevation of privilege vulnerability in kernel file system An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9922
Information disclosure vulnerability in kernel networking subsystem An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. CVE-2014-3145
Information disclosure vulnerability in Qualcomm IPA driver An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-10234
Denial of service vulnerability in Qualcomm Wi-Fi driver A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. CVE-2016-10235
Elevation of privilege vulnerability in kernel file system An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. CVE-2016-7097
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-6424
Elevation of privilege vulnerability in Broadcom Wi-Fi driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8465
Information disclosure vulnerability in kernel media driver An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. CVE-2014-1739
Information disclosure vulnerability in Qualcomm Wi-Fi driver An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0584
Information disclosure vulnerability in Broadcom Wi-Fi driver An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0585
Information disclosure vulnerability in Qualcomm Avtimer driver An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-5346
Information disclosure vulnerability in Qualcomm video driver An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-6425
Information disclosure vulnerability in Qualcomm USB driver An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-10236
Information disclosure vulnerability in Qualcomm sound driver An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0586
Information disclosure vulnerability in Qualcomm SPMI driver An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-6426
Vulnerabilities in Qualcomm components Multiple vulnerabilities in Qualcomm components CVE-2014-9937
CVE-2014-9934

Kommentar veröffentlichen