BlackBerry releases April 2017 Android Security Update for BlackBerry Android devices

Rapid John
Posted on April 06, 2017, 4:05 pm

BlackBerry has today rolled out the April 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

Google have made two security patches available and, as always, BlackBerry have incorporated the latest patch – April 5, 2017.

The following vulnerabilities have been remediated in this update:

| Summary | Description | CVE |
| --- | --- | --- |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543 |
| Elevation of privilege vulnerability in CameraBase | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. | CVE-2017-0544 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0545 |
| Elevation of privilege vulnerability in SurfaceFlinger | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0546 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0547 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552 |
| Elevation of privilege vulnerability in libnl | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. | CVE-2017-0553 |
| Elevation of privilege vulnerability in Telephony | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. | CVE-2017-0554 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558 |
| Information disclosure vulnerability in libskia | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0559 |
| Information disclosure vulnerability in Factory Reset | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | CVE-2017-0560 |
| Remote code execution vulnerability in Broadcom Wi-Fi firmware | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | CVE-2017-0561 |
| Remote code execution vulnerability in Qualcomm crypto engine driver | A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10230 |
| Remote code execution vulnerability in kernel networking subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10229 |
| Elevation of privilege vulnerability in kernel ION subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0564 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2016-10237, CVE-2016-10238, CVE-2016-10239 |
| Remote code execution vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process. | CVE-2016-10244 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-4656 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0575 |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0576 |
| Elevation of privilege vulnerability in DTS sound driver | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0578 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-10231 |
| Elevation of privilege vulnerability in Qualcomm video driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0579, CVE-2016-10232, CVE-2016-10233 |
| Elevation of privilege vulnerability in Qualcomm Seemp driver | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0462 |
| Elevation of privilege vulnerability in Qualcomm Kyro L2 driver | An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6423 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9922 |
| Information disclosure vulnerability in kernel networking subsystem | An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2014-3145 |
| Information disclosure vulnerability in Qualcomm IPA driver | An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10234 |
| Denial of service vulnerability in Qualcomm Wi-Fi driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. | CVE-2016-10235 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. | CVE-2016-7097 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6424 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8465 |
| Information disclosure vulnerability in kernel media driver | An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. | CVE-2014-1739 |
| Information disclosure vulnerability in Qualcomm Wi-Fi driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0584 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0585 |
| Information disclosure vulnerability in Qualcomm Avtimer driver | An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5346 |
| Information disclosure vulnerability in Qualcomm video driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6425 |
| Information disclosure vulnerability in Qualcomm USB driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10236 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0586 |
| Information disclosure vulnerability in Qualcomm SPMI driver | An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6426 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components | CVE-2014-9937, CVE-2014-9934 |

If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates. Look for the following Android security patch level: April 5, 2017.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.
