BlackBerry

BlackBerry release BlackBerry Priv March Security Patch

BlackBerry have promised to deliver security patches on a monthly basis for the BlackBerry Priv, and so far they are keeping good on that promise.

The company has today rolled out the March Security upgrade (AAE016) to BlackBerry Priv’s worldwide.

This advisory is in response to the Nexus Security Bulletin (March 2016) and addresses issues in that bulletin that affect BlackBerry Android smartphones

The update comes in at 17Mb and updates 88 apps.

 

The following vulnerabilities have been fixed in this update:
[table style=”table-hover”]

SummaryDescriptionCVE
Remote Code Execution Vulnerability in MediaserverDuring media file and data processing of a specially crafted file, a vulnerability in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
CVE-2016-0815
Remote Code Execution Vulnerabilities in libvpxThere are multiple vulnerabilities in libvpx that could allow remote code execution in the privileged process mediaserver.CVE-2016-1621
Elevation of Privilege Vulnerability in ConscryptAn elevation of privilege vulnerability in the Conscrypt component can enable a man in the middle to intercept, manipulate, and inject arbitrary content on an encrypted communication leading to remote code execution.CVE-2016-0818
Elevation of Privilege Vulnerability in Keyring ComponentAn elevation of privilege vulnerability in the Kernel Keyring Component can enable a local malicious application to execute arbitrary code within the kernel.CVE-2016-0728
Mitigation Bypass Vulnerability in the KernelA mitigation bypass vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.CVE-2016-0821
Information Disclosure Vulnerability in KernelAn information disclosure vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.CVE-2016-0823
Elevation of Privilege Vulnerabilities in MediaserverElevation of privilege vulnerabilities in mediaserver can enable a local malicious application to execute arbitrary code within the context of an elevated system application.CVE-2016-0826
CVE-2016-0827
Information Disclosure Vulnerabilities in MediaserverInformation disclosure vulnerabilities in mediaserver can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform.CVE-2016-0828
CVE-2016-0829
Information Disclosure Vulnerability in TelephonyAn information disclosure vulnerability in the Telephony component could allow an application to access sensitive information.CVE-2016-0831
Elevation of Privilege Vulnerability in Setup WizardA vulnerability in the Setup Wizard could enable an attacker who had physical access to the device to gain access to device settings and perform a manual device reset.CVE-2016-0832

[/table]
Full details of the March 2016 Security Bulletin is available here.

If you own a Priv and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services