09/03/2016

[PRIV更新] BlackBerryPRIV 的第四個系統及安全 OTA 小更新 (16年3月份)

[PRIV更新] 的第四個系統及安全 小更新 (16年3月份)

https://www.blackberryclubs.com/blackberrypriv-ota4/

BlackBerry 在當初推出 承諾會每月提供更新,除了在12月7日的首個大型 OTA (檔案約4xxMB) 更新之外,第四個系統及安全 OTA 小更新 (檔案約17MB) 更新也來了(16年3月份)……

估計這次 OTA 更新也會分兩批進行推送,第一批收到推送的是直接從官方商店  購買 BlackBerry PRIV ,而第二批收到推送的則是從營運商購買的 BlackBerry PRIV 。

  • 是次更新檔案約17MB。
  • 要留意的是更新過程需時約半小時,及會用掉約20%電量。
  • BlackBerryPRIV 更新後的系統版本號碼為 AAE016。
  • 安全性修補程式等級及日期(2016年3月1日)。

 

PURPOSE OF THIS BULLETIN

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.

BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Nexus Security Bulletin (March 2016) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.

VULNERABILITIES FIXED IN THIS UPDATE

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, a vulnerability in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
CVE-2016-0815
Remote Code Execution Vulnerabilities in libvpx There are multiple vulnerabilities in libvpx that could allow remote code execution in the privileged process mediaserver. CVE-2016-1621
Elevation of Privilege Vulnerability in Conscrypt An elevation of privilege vulnerability in the Conscrypt component can enable a man in the middle to intercept, manipulate, and inject arbitrary content on an encrypted communication leading to remote code execution. CVE-2016-0818
Elevation of Privilege Vulnerability in Keyring Component An elevation of privilege vulnerability in the Kernel Keyring Component can enable a local malicious application to execute arbitrary code within the kernel. CVE-2016-0728
Mitigation Bypass Vulnerability in the Kernel A mitigation bypass vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0821
Information Disclosure Vulnerability in Kernel An information disclosure vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0823
Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver can enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-0826
CVE-2016-0827
Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0828
CVE-2016-0829
Information Disclosure Vulnerability in Telephony An information disclosure vulnerability in the Telephony component could allow an application to access sensitive information. CVE-2016-0831
Elevation of Privilege Vulnerability in Setup Wizard A vulnerability in the Setup Wizard could enable an attacker who had physical access to the device to gain access to device settings and perform a manual device reset. CVE-2016-0832

AVAILABLE UPDATES

An updated software version is available immediately for BlackBerry Powered by Android smartphones that have been purchased from ShopBlackBerry.com. The updated software version can be identified with the following build ID:

  • Build AAE016

If your BlackBerry Powered by Android smartphone was purchased from a source other than ShopBlackBerry.com, please contact that retailer or carrier directly for security maintenance release availability information.

Source and Images: http://support.blackberry.com/kb/articleDetail?articleNumber=000038051

 

[PRIV更新] BlackBerryPRIV 的第四個系統及安全 OTA 小更新 (16年3月份)

blackberrypriv-ota3_01

▲要留意的是更新過程需時約半小時,及會用掉約20%電量。

 

blackberrypriv-ota4-bbc_01

▲是次更新檔案約17MB,詳細說明在:http://support.blackberry.com/kb/articleDetail?articleNumber=000038051

 

blackberrypriv-ota4-bbc_02

▲BlackBerryPRIV 更新後的系統版本號碼為 AAE016,Android 安全性修補程式等級及日期(2016年3月1日)。

 

BlackBerryClubs.com (黑莓會) 聯絡方法:

登入Facebook發表意見:

Comments.