黑莓发布搭载Android系统Blackberry手机安全公告-2016.12_黑莓

黑莓官方发布12月份搭载Android系统Blackberry手机(PRIV/DTEK50/DTEK60)安全公告，此次更新修复高通官方已知Android系统漏洞。系统更新版本号为(AAH990、AAI039、AAH995)。

更新机型包含已上市黑莓安卓系统机型手机Blackberry PRIV/DTEK50/DTEK60. 官方从12月3日开始OTA推送

此次更新可修复如下漏洞:

Summary/摘要	Description/说明	CVE/漏洞编号
Elevation of Privilege Vulnerability in Libziparchive	An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process.	CVE-2016-6762
Denial of Service Vulnerability in Telephony	A denial of service vulnerability in telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot.	CVE-2016-6763
Denial of Service Vulnerabilities in Mediaserver	Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.	CVE-2016-6766 CVE-2016-6765 CVE-2016-6764
Remote Code Execution Vulnerability in Framesequence Library	A remote code execution vulnerability in the framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process.	CVE-2016-6768
Elevation of Privilege Vulnerability in Framework APIs	An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level.	CVE-2016-6770
Elevation of Privilege Vulnerability in Telephony	An elevation of privilege vulnerability in telephony could enable a local malicious application to access system functions beyond its access level.	CVE-2016-6771
Elevation of Privilege Vulnerability in Wi-Fi	An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process.	CVE-2016-6772
Information Disclosure Vulnerability in Mediaserver	An information disclosure vulnerability in mediaserver could enable a local malicious application to access data outside of its permission levels.	CVE-2016-6773
Elevation of Privilege Vulnerability in Qualcomm MSM Interface	An elevation of privilege vulnerability in the Qualcomm MSM interface could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-8411
Elevation of Privilege Vulnerability in Kernel	An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2015-8966
Elevation of Privilege Vulnerability in Kernel ION Driver	An elevation of privilege vulnerability in the kernel ION driver could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-9120
Elevation of Privilege Vulnerability in Kernel	An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2015-8967
Elevation of Privilege Vulnerabilities in Qualcomm Media Codecs	Elevation of privilege vulnerabilities in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process.	CVE-2016-6758 CVE-2016-6759 CVE-2016-6760 CVE-2016-6761
Elevation of Privilege Vulnerability in Qualcomm Camera Driver	An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-6755
Elevation of Privilege Vulnerabilities in Kernel Performance Subsystem	Elevation of privilege vulnerabilities in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-6786 CVE-2016-6787
Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver	Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-6791 CVE-2016-8391 CVE-2016-8392
Elevation of Privilege Vulnerability in Kernel Security Subsystem	An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2015-7872
Elevation of Privilege Vulnerabilities in Broadcom Wi-Fi Driver	Elevation of privilege vulnerabilities in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2014-9909 CVE-2014-9910
Denial of Service Vulnerability in GPS	A denial of service vulnerability in the Qualcomm GPS component could enable a remote attacker to cause a device hang or reboot.	CVE-2016-5341
Elevation of Privilege Vulnerability in Kernel Networking Subsystem	An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.	CVE-2016-8399
Information Disclosure Vulnerabilities in Qualcomm Components	Information disclosure vulnerabilities in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.	CVE-2016-6756 CVE-2016-6757
Information Disclosure Vulnerabilities in Kernel Components	Information disclosure vulnerabilities in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels.	CVE-2016-8401 CVE-2016-8402 CVE-2016-8403 CVE-2016-8404 CVE-2016-8405 CVE-2016-8406 CVE-2016-8407
Information Disclosure Vulnerability in Qualcomm Sound Driver	An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.