0

BlackBerry have promised to deliver security patches on a monthly basis for their Android smartphones and so far they are keeping good on that promise.

The company has today rolled out the February 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerabilities in Mediaserver   Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.   CVE-2017-0407
Remote Code Execution Vulnerability in libstagefright   A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.   CVE-2017-0409
Elevation of Privilege Vulnerability in Framework APIs   An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process.   CVE-2017-0410
Elevation of Privilege Vulnerability in Mediaserver   An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.   CVE-2017-0415
Elevation of Privilege Vulnerabilities in Audioserver   Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.   CVE-2017-0416
CVE-2017-0417
CVE-2017-0418
CVE-2017-0419
Information Disclosure Vulnerabilities in AOSP Messaging   Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications.   CVE-2017-0413
CVE-2017-0414
Information Disclosure Vulnerability in Framework APIs   An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.   CVE-2017-0421
Denial of Service Vulnerability in Bionic DNS   A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot.   CVE-2017-0422
Elevation of Privilege Vulnerability in Bluetooth   An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device.   CVE-2017-0423
Information Disclosure Vulnerability in AOSP Messaging   An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels.   CVE-2017-0424
Information Disclosure Vulnerability in Audioserver   An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0425
Remote Code Execution Vulnerability in Qualcomm Crypto Driver   A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel.   CVE-2016-8418
Elevation of Privilege Vulnerability in Kernel File System   An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0427
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver   An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0430
Vulnerability in Qualcomm Components   A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations.   CVE-2017-0431
Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver   An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-8480
Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver   Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2016-8481
CVE-2017-0435
CVE-2017-0436
Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver   Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0437
CVE-2017-0438
CVE-2017-0439
CVE-2016-8419
CVE-2016-8420
CVE-2016-8421
CVE-2017-0440
CVE-2017-0441
CVE-2017-0442
CVE-2017-0443
CVE-2016-8476
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver   An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.   CVE-2017-0449
Elevation of Privilege Vulnerability in Kernel File System   An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges.   CVE-2016-10044
Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator   An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels.   CVE-2016-8414
Information Disclosure Vulnerability in Qualcomm Sound Driver   An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.   CVE-2017-0451


If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually. Look for the following Android security patch level: February 5, 2017.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.

Get the latest news and information directly on your Android, BlackBerry, iPhone or Windows smartphone and join us on BBM Channel C00040F5B. We also have a brand new Facebook page here.

You need to login or register to bookmark/favorite this content.

What's your reaction?
Love It
22%
Like It
78%
Interested
0%
Unsure
0%
Surprised
0%
Not interested
0%
Hate It
0%
Sad
0%
About The Author
Rapid John
Rapid John
Rapid John has a quarter of a century in programming for Government and Corporate bodies and is proficient in most major programming languages.  He is constantly running around showing us his latest bit of code and telling us how fantastic it is. (John we know). He is responsible for carrying out presentations to corporate and business customers and is a BlackBerry Elite.