Das Roll-Out des BlackBerry Android-Sicherheitspatch-Update für Mai ist bereits in vollen Gange. Hier im Beitrag nun die geschlossenen Sicherheitslücken und Details zur Android-Sicherheitspatch-Ebene.
Das Update lässt sich in den Einstellungen unter dem Punkt „Über das Telefon“ an der Android-Sicherheitspatch-Ebene 01. Mai 2017 oder neuer identifizieren.
Eine aktualisierte Software Version steht für BlackBerry Smartphone powered by Android welche bei ShopBlackBerry gekauft wurden umgehend zur Verfügung. Aktualisierte Software Builds können auch über andere Verkäufer oder Mobilfunkanbieter abhängig von Bereitstellungsplänen verfügbar sein.
Das Update kann in den Einstellungen unter „Über das Telefon“ bei dem Punkt „Systemupdates“ abgerufen werden. Es Update hat eine Größe von knapp über 100 MB. Daher empfiehlt es sich eine Sicherung (z.B. mit MyPhoneExplorer) anzulegen. Auch ist es ratsam das Update nur über ein verbundenes Wi-Fi Netz und mit angeschlossenem Ladegerät durchzuführen.
Aktualisieren Sie Ihr BlackBerry-Smartphone mit Android noch heute auf die neuste Software.
Dieses Update enthält hilfreiche Verbesserungen. Laden Sie es jetzt herunter, damit Ihr BlackBerry-Smartphone mit Android noch sicherer und produktiver wird.
Das Aktualisieren Ihres BlackBerry-Gerätes ist kostenlos und ganz einfach. Während des Updates können Sie Ihr Gerät wie gewohnt verwenden. Wie Sie wissen, empfehlen wir, vor dem Update eine aktuelle Sicherungsdatei Ihres BlackBerry-Smartphones anzulegen. Tippen Sie auf „Herunterladen“ um das Update zu starten.
Details zu den in diesem Update behobenen Problemen werden auf www.blackberry.com/bbsirt veröffentlicht.
Wir empfehlen vor dem Download des Updates eine WLAN-Verbindung herzustellen. Wenn Sie das Update über das Mobilfunknetz herunterladen, könnte dies zusätzliche Kosten verursachen.
In folgender Tabelle sind alles geschlossenen Sicherheitslücken auflistet.
| Summary | Description | CVE |
|
Remote code execution vulnerability in Mediaserver |
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. |
CVE-2017-0592 CVE-2017-0591 CVE-2017-0590 CVE-2017-0589 CVE-2017-0588 CVE-2017-0587 |
| Elevation of privilege vulnerability in Framework API | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. | CVE-2017-0593 |
| Elevation of privilege vulnerability in Mediaserver | An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0596 CVE-2017-0595 CVE-2017-0594 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0597 |
| Information disclosure vulnerability in Framework API | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0598 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0600 CVE-2017-0599 |
| Information disclosure vulnerability in Bluetooth | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. | CVE-2017-0602 |
| Information disclosure vulnerability in OpenSSL & BoringSSL | An information disclosure vulnerability in OpenSSL & BoringSSL could enable a remote attacker to gain access to sensitive information. | CVE-2016-7056 |
| Denial of service vulnerability in Mediaserver | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0603 |
| Remote code execution vulnerability in GIFLIB | A remote code execution vulnerability in GIFLIB could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2015-7555 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-9794 |
| Elevation of privilege vulnerability in Qualcomm power driver | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0604 |
| Elevation of privilege vulnerability in kernel trace subsystem | An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0605 |
| Remote code execution vulnerability in libxml2 | A remote code execution vulnerability in libxml2 could enable an attacker to use a specially crafted file to execute arbitrary code within the context of an unprivileged process. | CVE-2016-5131 |
| Elevation of privilege vulnerability in kernel performance subsystem | An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2015-9004 |
|
Elevation of privilege vulnerability in Qualcomm sound driver |
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. |
CVE-2016-5853 CVE-2017-0611 CVE-2017-0610 CVE-2016-5859 CVE-2017-0609 CVE-2017-0608 CVE-2017-0607 CVE-2016-5867 CVE-2016-5860 CVE-2017-0606 |
| Elevation of privilege vulnerability in Qualcomm ADSPRPC driver | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0465 |
| Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0614 CVE-2017-0613 CVE-2017-0612 |
| Elevation of privilege vulnerability in Qualcomm pin controller driver | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0619 |
| Elevation of privilege vulnerability in Qualcomm Secure Channel Manager Driver | An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0620 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5862 |
| Elevation of privilege vulnerability in kernel voltage regulator driver | An elevation of privilege vulnerability in the kernel voltage regulator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9940 |
| Elevation of privilege vulnerability in Qualcomm camera driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0621 |
| Elevation of privilege vulnerability in Qualcomm networking driver | An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-5868 |
| Elevation of privilege vulnerability in kernel networking subsystem | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-7184 |
| Elevation of privilege vulnerability in Goodix touchscreen driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0622 |
| Information disclosure vulnerability in Qualcomm crypto engine driver | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0626 |
| Information disclosure vulnerability in kernel UVC driver | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0627 |
| Information disclosure vulnerability in kernel trace subsystem | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0630 |
| Information disclosure vulnerability in Qualcomm camera driver | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0631 CVE-2017-0629 CVE-2017-0628 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5347 |
| Information disclosure vulnerability in Qualcomm sound codec driver | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0632 CVE-2016-5858 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. | CVE-2017-0633 |
| Information disclosure vulnerability in Synaptics touchscreen driver | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0634 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9958 |
| Vulnerabilities in Qualcomm component | Multiple vulnerabilities in Qualcomm components | CVE-2014-9959 |
