BlackBerry

BlackBerry releases January 2017 Android Security Update for BlackBerry Android devices

BlackBerry have promised to deliver security patches on a monthly basis for their Android smartphones and so far they are keeping good on that promise.

The company has today rolled out the January 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

The following vulnerabilities have been remediated in this update:
[table style=”table-striped”]

SummaryDescriptionCVE
Remote Code Execution Vulnerability in MediaserverA remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.CVE-2017-0381
Remote Code Execution Vulnerability in FramesequenceA remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.CVE-2017-0382
Elevation of Privilege Vulnerabilities in AudioserverElevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2017-0384
CVE-2017-0385
Elevation of Privilege Vulnerability in libnlAn elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2017-0386
Elevation of Privilege Vulnerability in MediaserverAn elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2017-0387
Denial of Service Vulnerability in Core NetworkingA denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot.CVE-2017-0389
Denial of Service Vulnerabilities in MediaserverDenial of service vulnerabilities in mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot.CVE-2017-0390
CVE-2017-0391
CVE-2017-0392
CVE-2017-0393
Denial of Service Vulnerability in TelephonyA denial of service vulnerability in telephony could enable a remote attacker to cause a device hang or reboot.CVE-2017-0394
Elevation of Privilege Vulnerability in ContactsAn elevation of privilege vulnerability in contacts could enable a local malicious application to silently create contact information.CVE-2017-0395
Information Disclosure Vulnerabilities in MediaserverInformation disclosure vulnerabilities in mediaserver could enable a local malicious application to access data outside of its permission levels.CVE-2017-0396
CVE-2017-0397
Information Disclosure Vulnerabilities in AudioserverInformation disclosure vulnerabilities in audioserver could enable a local malicious application to access data outside of its permission levels.CVE-2017-0398
CVE-2017-0399
CVE-2017-0400
CVE-2017-0401
CVE-2017-0402
Elevation of Privilege Vulnerability in Kernel Memory SubsystemAn elevation of privilege vulnerability in the kernel memory subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2015-3288
Elevation of Privilege Vulnerabilities in Qualcomm BootloaderElevation of privilege vulnerabilities in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8422
CVE-2016-8423
Elevation of Privilege Vulnerability in Qualcomm GPU DriverAn elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8434
Vulnerabilities in Qualcomm ComponentsThese security vulnerabilities affect Qualcomm components, and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert.CVE-2016-8398
CVE-2016-8437
CVE-2016-8438
CVE-2016-8439
CVE-2016-8440
CVE-2016-8441
CVE-2016-8442
CVE-2016-8443
CVE-2016-8459
CVE-2016-5080
Elevation of Privilege Vulnerabilities in Qualcomm CameraElevation of privilege vulnerabilities in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8412
CVE-2016-8444
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi DriverAn elevation of privilege vulnerability in the Qualcomm wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8415
Elevation of Privilege Vulnerability in Qualcomm Sound DriverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8450
Elevation of Privilege Vulnerability in Kernel Security SubsystemAn elevation of privilege vulnerability in kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-7042
Elevation of Privilege Vulnerability in Kernel Performance SubsystemAn elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2017-0403
Elevation of Privilege Vulnerability in Kernel Sound SubsystemAn elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2017-0404
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi DriverAn elevation of privilege vulnerability in the Qualcomm wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8452
Elevation of Privilege Vulnerability in Qualcomm Radio DriverAn elevation of privilege vulnerability in the Qualcomm radio driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-5345
Elevation of Privilege Vulnerability in Kernel Profiling SubsystemAn elevation of privilege vulnerability in the kernel profiling subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-9754
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi DriverElevation of privilege vulnerabilities in the Broadcom wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8454
CVE-2016-8456
CVE-2016-8457
Elevation of Privilege Vulnerability in Synaptics Touchscreen DriverAn elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8458
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi DriverElevation of privilege vulnerabilities in the Broadcom wi-fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-8464
CVE-2016-8465
CVE-2016-8466
Information Disclosure Vulnerabilities in Qualcomm Audio Post ProcessorInformation disclosure vulnerabilities in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels.CVE-2017-0399
CVE-2017-0400
CVE-2017-0401
CVE-2017-0402

[/table]
If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually. Look for the following Android security patch level: January 5, 2017.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services