25/03/2016

[PRIV更新] BlackBerryPRIV 的第五個系統及安全 OTA 小更新 (16年4月份)

[PRIV更新] 的第五個系統及安全 小更新 (16年4月份)

https://www.blackberryclubs.com/blackberrypriv-ota5/

BlackBerry 在當初推出 承諾會每月提供更新,除了在12月7日的首個大型 OTA (檔案約4xxMB) 更新之外,第五個系統及安全 OTA 小更新 (檔案約20.9MB) 更新也來了(16年4月份)……

估計這次 OTA 更新也會分兩批進行推送,第一批收到推送的是直接從官方商店  購買 BlackBerry PRIV ,而第二批收到推送的則是從營運商購買的 BlackBerry PRIV 。

  • 是次更新檔案約20.9MB。
  • 要留意的是更新過程需時約半小時,及會用掉約20%電量。
  • BlackBerryPRIV 更新後的系統版本號碼為 AAE298。
  • 安全性修補程式等級及日期(2016年4月2日)。
  • BSRT-2016-002 Vulnerability in Android/Linux kernel impacts

 

BSRT-2016-002 Vulnerability in Android/Linux kernel impacts BlackBerry PRIV smartphones

Article Number: 000038108 First Published: March 23, 2016 Last Modified: March 23, 2016 Type: Security Advisory

OVERVIEW

This advisory addresses an industry-wide elevation of privilege vulnerability that is not currently being exploited against, but affects, BlackBerry® PRIV smartphones. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction. Successful exploitation requires an attacker craft a malicious application (app) and that a user install the malicious app. If the requirements are met for exploitation, an attacker could potentially gain locally elevated privileges. After installing the recommended software update, affected customers will be fully protected from this vulnerability.

WHO SHOULD READ THIS ADVISORY?

  • BlackBerry PRIV smartphone users
  • IT administrators who deploy BlackBerry PRIV smartphones

WHO SHOULD APPLY THE SOFTWARE FIX(ES)?

  • BlackBerry PRIV smartphone users
  • IT administrators who deploy BlackBerry PRIV smartphones

RESOLUTION

An updated software version is available immediately for BlackBerry PRIV smartphones that have been purchased fromShopBlackBerry.com. The updated software version can be identified with the following build ID:

  • Build AAE298 and later

If your BlackBerry PRIV smartphone was purchased from a source other than ShopBlackBerry.com, please contact that retailer or carrier directly for urgent maintenance release availability information.

 

VULNERABILITY INFORMATION

An elevation of privilege vulnerability exists in the shared Android/Linux kernel used in affected versions of BlackBerry PRIV smartphones. The kernel constitutes the central core of the smartphone's operating system.

Successful exploitation of this vulnerability could result in an attacker gaining elevated privileges on the smartphone.

In order to exploit this vulnerability, an attacker must craft a malicious app. The attacker must then persuade a user to download and install the malicious app.

This vulnerability has a Common Vulnerability Scoring System (CVSSv2) score of 6.9. View the linked Common Vulnerability and Exposures (CVE) identifiers for a description of the security issue that this security advisory addresses.

Source and Images: http://support.blackberry.com/kb/articleDetail?articleNumber=000038108

 

[PRIV更新] BlackBerryPRIV 的第五個系統及安全 OTA 小更新 (16年4月份)

blackberrypriv-ota5_bbc_01

▲要留意的是更新過程需時約半小時,及會用掉約20%電量。

 

blackberrypriv-ota5_bbc_02

▲是次更新檔案約20.9MB,詳細說明在:http://support.blackberry.com/kb/articleDetail?articleNumber=000038108

 

blackberrypriv-ota5_bbc_03

▲BlackBerryPRIV 更新後的系統版本號碼為 AAE298,Android 安全性修補程式等級及日期(2016年4月2日)。

 

BlackBerryClubs.com (黑莓會) 聯絡方法:

登入Facebook發表意見:

Comments.