BlackBerry

BlackBerry releases December 2016 Android Security Update for BlackBerry Android devices

BlackBerry have promised to deliver security patches on a monthly basis for their Android smartphones and so far they are keeping good on that promise.

The company has today rolled out the December 2016 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

The following vulnerabilities have been remediated in this update:
[table style=”table-striped”]

SummaryDescriptionCVE
Elevation of Privilege Vulnerability in LibziparchiveAn elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2016-6762
Denial of Service Vulnerability in TelephonyA denial of service vulnerability in telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot.CVE-2016-6763
Denial of Service Vulnerabilities in MediaserverDenial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.CVE-2016-6766
CVE-2016-6765
CVE-2016-6764
Remote Code Execution Vulnerability in Framesequence LibraryA remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.CVE-2016-6768
Elevation of Privilege Vulnerability in Framework APIsAn elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level.CVE-2016-6770
Elevation of Privilege Vulnerability in TelephonyAn elevation of privilege vulnerability in telephony could enable a local malicious application to access system functions beyond its access level.CVE-2016-6771
Elevation of Privilege Vulnerability in Wi-FiAn elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2016-6772
Information Disclosure Vulnerability in MediaserverAn information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels.CVE-2016-6773
Elevation of Privilege Vulnerability in Qualcomm MSM InterfaceAn elevation of privilege vulnerability in the Qualcomm MSM interface could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8411
Elevation of Privilege Vulnerability in KernelAn elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2015-8966
Elevation of Privilege Vulnerability in Kernel ION DriverAn elevation of privilege vulnerability in the kernel ION driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-9120
Elevation of Privilege Vulnerability in KernelAn elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2015-8967
Elevation of Privilege Vulnerabilities in Qualcomm Media CodecsElevation of privilege vulnerabilities in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2016-6758
CVE-2016-6759
CVE-2016-6760
CVE-2016-6761
Elevation of Privilege Vulnerability in Qualcomm Camera DriverAn elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-6755
Elevation of Privilege Vulnerabilities in Kernel Performance SubsystemElevation of privilege vulnerabilities in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-6786
CVE-2016-6787
Elevation of Privilege Vulnerabilities in Qualcomm Sound DriverElevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-6791
CVE-2016-8391
CVE-2016-8392
Elevation of Privilege Vulnerability in Kernel Security SubsystemAn elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2015-7872
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi DriverElevation of privilege vulnerabilities in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2014-9909
CVE-2014-9910
Denial of Service Vulnerability in GPSA denial of service vulnerability in the Qualcomm GPS component could enable a remote attacker to cause a device hang or reboot.CVE-2016-5341
Elevation of Privilege Vulnerability in Kernel Networking SubsystemAn elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8399
Information Disclosure Vulnerabilities in Qualcomm ComponentsInformation disclosure vulnerabilities in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.CVE-2016-6756
CVE-2016-6757
Information Disclosure Vulnerabilities in Kernel ComponentsInformation disclosure vulnerabilities in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels.CVE-2016-8401
CVE-2016-8402
CVE-2016-8403
CVE-2016-8404
CVE-2016-8405
CVE-2016-8406
CVE-2016-8407
Information Disclosure Vulnerability in Qualcomm Sound DriverAn information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.CVE-2016-8410

[/table]
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually. Look for the following Android security patch level: December 5, 2016.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services