• February Security Patch Update Being Pushed To Priv

    Another month, another update. Users who purchased their PRIV through ShopBlackBerry received a 17MB update for their beloved Android-powered device this morning, updating their device to Build AAD444.

    You can expect the majority of carriers to push this update over the coming weeks.

    The changelog is very limited at this time, but we will make sure to pass along any additional information we receive.

    Did you receive an update to Build AAD444? Notice any changes? Let us know in the comments below!

    Update (02/01/2016):

    The following vulnerabilities have been remediated in this update:

    | Summary | Description | CVE |
    | --- | --- | --- |
    | Remote Code Execution Vulnerabilities in Mediaserver | During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. | |
    | Denial of Service Vulnerability in Minikin | A denial of service vulnerability in the Minikin library can allow a local attacker to temporarily block access to an affected device. An attacker can cause an untrusted font to be loaded and cause an integer overflow in the Minikin component, which leads to a crash. | CVE-2016-0808 |
    | Elevation of Privilege Vulnerability in Mediaserver | An elevation of privilege vulnerability in mediaserver can enable a local malicious application to execute arbitrary code within the context of an elevated system application. | CVE-2016-0810 |
    | Factory Reset Protection Bypass Vulnerabilities in Setup Wizard | Vulnerabilities in the Setup Wizard could allow a malicious attacker to bypass the Factory Reset Protection and gain access to the device. | CVE-2016-0812 |
