BlackBerry

BlackBerry releases BlackBerry Priv June Security Upgrade

BlackBerry have promised to deliver security patches on a monthly basis for the BlackBerry Priv, and so far they are keeping good on that promise.

The company has today rolled out the June Security upgrade to BlackBerry Priv’s that have been purchased from ShopBlackBerry.com.

The following vulnerabilities have been remediated in this update:
[table style=”table-striped”]

SummaryDescriptionCVE
Remote Code Execution Vulnerability in MediaserverA remote code execution vulnerability in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.

CVE-2016-2463
Remote Code Execution Vulnerabilities in libwebmRemote code execution vulnerabilities with libwebm could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.

The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.

CVE-2016-2464
Elevation of Privilege Vulnerability in Qualcomm Video DriverAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2465
Elevation of Privilege Vulnerabilities in Qualcomm GPU DriverElevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2468
CVE-2016-2062
Elevation of Privilege Vulnerability in Broadcom Wi-Fi DriverAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to invoke system calls changing the device settings and behavior without the privileges to do so.CVE-2016-2475
Elevation of Privilege Vulnerabilities in Qualcomm Sound DriverElevation of privilege vulnerabilities in the Qualcomm sound driver could enable a malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2066
CVE-2016-2469
Elevation of Privilege Vulnerabilities in MediaserverElevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application.CVE-2016-2476
CVE-2016-2477
CVE-2016-2478
CVE-2016-2479
CVE-2016-2480
CVE-2016-2481
CVE-2016-2482
CVE-2016-2483
CVE-2016-2484
CVE-2016-2485
CVE-2016-2486
CVE-2016-2487
Elevation of Privilege Vulnerabilities in Qualcomm Camera DriverElevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2061
CVE-2016-2488
Elevation of Privilege Vulnerability in Qualcomm Video DriverAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2489
Elevation of Privilege Vulnerability in SD Card Emulation LayerAn elevation of privilege vulnerability in the SD Card userspace emulation layer could enable a local malicious application to execute arbitrary code within the context of an elevated system application.CVE-2016-2494
Elevation of Privilege Vulnerability in Broadcom Wi-Fi DriverAn elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.CVE-2016-2493
Remote Denial of Service Vulnerability in MediaserverA remote denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.CVE-2016-2495
Elevation of Privilege Vulnerability in Framework UIAn elevation of privilege vulnerability in the Framework UI permission dialog window could enable an attacker to gain access to unauthorized files in private storage.CVE-2016-2496
Information Disclosure Vulnerability in MediaserverAn information disclosure vulnerability in mediaserver could allow an application to access sensitive information.CVE-2016-2499
Information Disclosure Vulnerability in Activity ManagerAn information disclosure vulnerability in the Activity Manager component could allow an application to access sensitive information.

[/table]

If you own a Priv and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services