Skip to main content
 首页 » 科技 » 黑莓

黑莓发布搭载Android系统BlackBerry手机安全公告-2017年4月

2017年04月21日12380

黑莓官方发布2017年4月份搭载Android系统BlackBerry手机(PRIV/DTEK)安全公告,更新可解决之前Android系统存在已知系统漏洞,黑莓官方已正式发布系统更新推送升级提示,用户在收到更新后在WIFI环境下OTA更新即可。Android Security

更新机型包含已上市黑莓安卓系统机型手机BlackBerry PRIV/DTEK50/DTEK60. 官方从4月3日开始OTA推送。黑莓安全,告诉你黑莓为什么安全

此次更新可修复如下漏洞:

Summary/摘要
Description/说明
CVE/漏洞编号
Remote code execution vulnerability in Mediaserver
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
CVE-2017-0538
CVE-2017-0539
CVE-2017-0540
CVE-2017-0541
CVE-2017-0542
CVE-2017-0543
Elevation of privilege vulnerability in CameraBase
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code.
CVE-2017-0544
Elevation of privilege vulnerability in Audioserver
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process
CVE-2017-0545
Elevation of privilege vulnerability in SurfaceFlinger
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process.
CVE-2017-0546
Information disclosure vulnerability in Mediaserver
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0547
Denial of service vulnerability in Mediaserver
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot.
CVE-2017-0549
CVE-2017-0550
CVE-2017-0551
CVE-2017-0552
Elevation of privilege vulnerability in libnl
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service.
CVE-2017-0553
Elevation of privilege vulnerability in Telephony
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels.
CVE-2017-0554
Information disclosure vulnerability in Mediaserver
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0555
CVE-2017-0556
CVE-2017-0557
CVE-2017-0558
Information disclosure vulnerability in libskia
An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0559
Information disclosure vulnerability in Factory Reset
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner.
CVE-2017-0560
Remote code execution vulnerability in Broadcom Wi-Fi firmware
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC.
CVE-2017-0561
Remote code execution vulnerability in Qualcomm crypto engine driver
A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel.
CVE-2016-10230
Remote code execution vulnerability in kernel networking subsystem
A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel.
CVE-2016-10229
Elevation of privilege vulnerability in kernel ION subsystem
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0564
Vulnerabilities in Qualcomm components
Multiple vulnerabilities in Qualcomm components
CVE-2016-10237
CVE-2016-10238
CVE-2016-10239
Remote code execution vulnerability in Freetype
A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process
CVE-2016-10244
Elevation of privilege vulnerability in kernel sound subsystem
An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2014-4656
Elevation of privilege vulnerability in Broadcom Wi-Fi driver
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0567
CVE-2017-0568
CVE-2017-0569
CVE-2017-0570
CVE-2017-0571
CVE-2017-0572
CVE-2017-0573
CVE-2017-0574
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0575
Elevation of privilege vulnerability in Qualcomm crypto engine driver
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0576
Elevation of privilege vulnerability in DTS sound driver
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0578
Elevation of privilege vulnerability in Qualcomm sound codec driver
An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2016-10231
Elevation of privilege vulnerability in Qualcomm video driver
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0579
CVE-2016-10232
CVE-2016-10233
Elevation of privilege vulnerability in Qualcomm Seemp driver
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-0462
Elevation of privilege vulnerability in Qualcomm Kyro L2 driver
An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-6423
Elevation of privilege vulnerability in kernel file system
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2014-9922
Information disclosure vulnerability in kernel networking subsystem
An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels.
CVE-2014-3145
Information disclosure vulnerability in Qualcomm IPA driver
An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels.
CVE-2016-10234
Denial of service vulnerability in Qualcomm Wi-Fi driver
A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem.
CVE-2016-10235
Elevation of privilege vulnerability in kernel file system
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels.
CVE-2016-7097
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2017-6424
Elevation of privilege vulnerability in Broadcom Wi-Fi driver
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2016-8465
Information disclosure vulnerability in kernel media driver
An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels.
CVE-2014-1739
Information disclosure vulnerability in Qualcomm Wi-Fi driver
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0584
Information disclosure vulnerability in Broadcom Wi-Fi driver
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0585
Information disclosure vulnerability in Qualcomm Avtimer driver
An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels.
CVE-2016-5346
Information disclosure vulnerability in Qualcomm video driver
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-6425
Information disclosure vulnerability in Qualcomm USB driver
An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels.
CVE-2016-10236
Information disclosure vulnerability in Qualcomm sound driver
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-0586
Information disclosure vulnerability in Qualcomm SPMI driver
An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels.
CVE-2017-6426
Vulnerabilities in Qualcomm components
Multiple vulnerabilities in Qualcomm components
CVE-2014-9937
CVE-2014-9934

黑莓官方是全球手机品牌厂商中为数不多能够及时提供系统漏洞更新与补丁的商家,GOOGLE在最新的Android安全报告中特别提到黑莓是能够保障用户安全的厂商,黑莓除了每月定期的更新外,还会在Android系统存在中大安全漏洞时第一时间为用户提供系统补丁,保障用户的使用安全。


评论列表暂无评论
发表评论