BlackBerry

BlackBerry releases BlackBerry Priv July Security Upgrade

BlackBerry have promised to deliver security patches on a monthly basis for the BlackBerry Priv, and so far they are keeping good on that promise.

The company has today rolled out the July Security upgrade to BlackBerry Priv’s that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

The following vulnerabilities have been remediated in this update:
[table style=”table-striped”]

SummaryDescriptionCVE
Remote Code Execution Vulnerabilities in MediaserverRemote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.

CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
Remote Code Execution Vulnerability in OpenSSL & BoringSSLA remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing.CVE-2016-2108
Remote Code Execution Vulnerability in BluetoothA remote code execution vulnerability in Bluetooth could allow a proximal attacker to execute arbitrary code during the pairing process.CVE-2016-3744
Elevation of Privilege Vulnerability in libpngAn elevation of privilege vulnerability in libpng could enable a local malicious application to execute arbitrary code within the context of an elevated system application.CVE-2016-3751
Elevation of Privilege Vulnerabilities in MediaserverElevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application.CVE-2016-3745
CVE-2016-3746
CVE-2016-3747
Elevation of Privilege Vulnerability in SocketsAn elevation of privilege vulnerability in sockets could enable a local malicious application to access system calls outside of its permissions level.CVE-2016-3748
Elevation of Privilege Vulnerability in Framework APIsAn elevation of privilege vulnerability in the Parcels Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications.CVE-2016-3750
Elevation of Privilege Vulnerability in ChooserTarget ServiceAn elevation of privilege vulnerability in the ChooserTarget service could enable a local malicious application to execute code in the context of another application.CVE-2016-3752
Information Disclosure Vulnerability in OpenSSLAn information disclosure vulnerability in OpenSSL could enable a remote attacker to access protected data normally only accessible to locally installed apps that request permission.CVE-2016-2107
Denial of Service Vulnerabilities in MediaserverDenial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.CVE-2016-3754
CVE-2016-3755
CVE-2016-3756
Elevation of Privilege Vulnerability in lsofAn elevation of privilege vulnerability in lsof could enable a local malicious application to execute arbitrary code that could lead to a permanent device compromise.CVE-2016-3757
Elevation of Privilege Vulnerability in DexClassLoaderAn elevation of privilege vulnerability in the DexClassLoader could enable a local malicious application to execute arbitrary code within the context of a privileged process.CVE-2016-3758
Elevation of Privilege Vulnerability in Framework APIsAn elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to request backup permissions and intercept all backup data.CVE-2016-3759
Elevation of Privilege Vulnerability in BluetoothAn elevation of privilege vulnerability in the Bluetooth component could enable a local attacker  to add an authenticated Bluetooth device that persists for the primary user.CVE-2016-3760
Elevation of Privilege Vulnerability in NFCAn elevation of privilege vulnerability in NFC could enable a local malicious background application to access information from a foreground application.CVE-2016-3761
Elevation of Privilege Vulnerability in SocketsAn elevation of privilege vulnerability in sockets could enable a local malicious application to gain access to certain uncommon socket types possibly leading to arbitrary code execution within the context of the kernel.CVE-2016-3762
Information Disclosure Vulnerability in Proxy Auto-ConfigAn information disclosure vulnerability in the Proxy Auto-Config component could allow an application to access sensitive information.CVE-2016-3763
Information Disclosure Vulnerabilities in MediaserverInformation disclosure vulnerabilities in mediaserver could allow a local malicious application to access sensitive information.CVE-2016-3764
CVE-2016-3765
Denial of Service Vulnerability in MediaserverA denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.CVE-2016-3766
Elevation of Privilege Vulnerabilities in Qualcomm GPU DriverElevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2503
CVE-2016-2067
Elevation of Privilege Vulnerability in Qualcomm Performance ComponentAn elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-3768
Elevation of Privilege Vulnerability in Kernel File SystemAn elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-3775
Elevation of Privilege Vulnerability in USB DriverAn elevation of privilege vulnerability in the USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2015-8816
Elevation of Privilege Vulnerability in Qualcomm ComponentsAn elevation of privilege vulnerability could enable a malicious application to execute code within the context of the kernel.CVE-2014-9801
Elevation of Privilege Vulnerability in Qualcomm USB DriverAn elevation of privilege vulnerability in the Qualcomm USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2502
Elevation of Privilege Vulnerability in Qualcomm Camera DriverAn elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2501
Elevation of Privilege Vulnerabilities in Kernel File SystemElevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-3802
CVE-2016-3803
Elevation of Privilege Vulnerability in Qualcomm Sound DriverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2068
Elevation of Privilege Vulnerability in KernelAn elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2014-9803
Information Disclosure Vulnerability in Networking ComponentAn information disclosure vulnerability in the networking component could enable a local malicious application to access data outside of its permission levels.CVE-2016-3809
Elevation of Privilege Vulnerability in Kernel Video DriverAn elevation of privilege vulnerability in the kernel video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-3811
Information Disclosure Vulnerability in Qualcomm USB DriverAn information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels.CVE-2016-3813
Information Disclosure Vulnerability in Kernel Teletype DriverAn information disclosure vulnerability in the teletype driver could enable a local malicious application to acces

[/table]
If you own a Priv and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services