Android-Sicherheitspatch-Update für Mai verfügbar

Das Roll-Out des BlackBerry Android-Sicherheitspatch-Update für Mai ist bereits in vollen Gange. Hier im Beitrag nun die geschlossenen Sicherheitslücken und Details zur Android-Sicherheitspatch-Ebene.

Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 01. Mai 2017 oder neuer identifizieren.

Eine aktualisierte Software Version steht für BlackBerry Smartphone powered by Android welche bei ShopBlackBerry gekauft wurden umgehend zur Verfügung. Aktualisierte Software Builds können auch über andere Verkäufer oder Mobilfunkanbieter abhängig von Bereitstellungsplänen verfügbar sein.

 

 
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.

 

Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.

Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.

Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.

Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.

Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.

In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.

Summary Description CVE
 
Remote code execution vulnerability in Mediaserver
 
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
CVE-2017-0592
CVE-2017-0591
CVE-2017-0590
CVE-2017-0589
CVE-2017-0588
CVE-2017-0587
Elevation of privilege vulnerability in Framework API An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. CVE-2017-0593
Elevation of privilege vulnerability in Mediaserver

An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0596
CVE-2017-0595
CVE-2017-0594
Elevation of privilege vulnerability in Audioserver An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0597
Information disclosure vulnerability in Framework API An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0598
Denial of service vulnerability in Mediaserver A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0600
CVE-2017-0599
Information disclosure vulnerability in Bluetooth An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0602
Information disclosure vulnerability in OpenSSL & BoringSSL An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information. CVE-2016-7056
Denial of service vulnerability in Mediaserver A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2017-0603
Remote code execution vulnerability in GIFLIB A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2015-7555
Elevation of privilege vulnerability in kernel sound subsystem An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-9794
Elevation of privilege vulnerability in Qualcomm power driver An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0604
Elevation of privilege vulnerability in kernel trace subsystem An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0605
Remote code execution vulnerability in libxml2 A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. CVE-2016-5131
Elevation of privilege vulnerability in kernel performance subsystem An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-9004
 
 
 
Elevation of privilege vulnerability in Qualcomm sound driver
 
 
 
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2016-5853
CVE-2017-0611
CVE-2017-0610
CVE-2016-5859
CVE-2017-0609
CVE-2017-0608
CVE-2017-0607
CVE-2016-5867
CVE-2016-5860
CVE-2017-0606
Elevation of privilege vulnerability in Qualcomm ADSPRPC driver An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0465
Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0614
CVE-2017-0613
CVE-2017-0612
Elevation of privilege vulnerability in Qualcomm pin controller driver An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0619
Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0620
Elevation of privilege vulnerability in Qualcomm sound codec driver An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-5862
Elevation of privilege vulnerability in kernel voltage regulator driver An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9940
Elevation of privilege vulnerability in Qualcomm camera driver An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0621
Elevation of privilege vulnerability in Qualcomm networking driver An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-5868
Elevation of privilege vulnerability in kernel networking subsystem An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-7184
Elevation of privilege vulnerability in Goodix touchscreen driver An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0622
Information disclosure vulnerability in Qualcomm crypto engine driver An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0626
Information disclosure vulnerability in kernel UVC driver An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0627
Information disclosure vulnerability in kernel trace subsystem An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. CVE-2017-0630
Information disclosure vulnerability in Qualcomm camera driver An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0631
CVE-2017-0629
CVE-2017-0628
Information disclosure vulnerability in Qualcomm sound driver An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-5347
Information disclosure vulnerability in Qualcomm sound codec driver An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0632
CVE-2016-5858
Information disclosure vulnerability in Broadcom Wi-Fi driver An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. CVE-2017-0633
Information disclosure vulnerability in Synaptics touchscreen driver An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0634
Vulnerabilities in Qualcomm component Multiple vulnerabilities in Qualcomm components CVE-2014-9958
Vulnerabilities in Qualcomm component Multiple vulnerabilities in Qualcomm components CVE-2014-9959

Kommentar veröffentlichen