• February Security Patch Update Being Pushed To Priv Devices On AT&T


    After its initial availability to ShopBlackBerry devices on February 1st, Priv users on AT&T started receiving the February Security Patch update for their beloved Android-powered device this morning, updating their device to Build AAD447.

    As you might remember, AT&T devices did not receive any update in January, leaving the device on Build AAC734 until now.

    We've been told that this update includes BOTH the January & February security patches, so AT&T subscribers are fully caught up now!

    Did you receive an update to Build AAD447? Notice any changes? Let us know in the comments below!

    The following vulnerabilities have been remediated in this update:

    January Patches

    Summary Description CVE
    Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
    The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
    CVE-2015-6636
    Elevation of Privilege Vulnerability in Setup Wizard An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. CVE-2015-6643
    Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity. CVE-2015-5310
    Information Disclosure Vulnerability in Bouncy Castle An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information. CVE-2015-6644
    Denial of Service Vulnerability in SyncManager A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop. CVE-2015-6645

    February Patches

    Summary Description CVE
    Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
    The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
    CVE-2015-6636
    Elevation of Privilege Vulnerability in Setup Wizard An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. CVE-2015-6643
    Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity. CVE-2015-5310
    Information Disclosure Vulnerability in Bouncy Castle An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information. CVE-2015-6644
    Denial of Service Vulnerability in SyncManager A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop. CVE-2015-6645


    comments powered by Disqus
  • Recent Comments

  • Most Commented

    The most commented articles on BlackBerryOS over the past 24 hours.
  • Recent Forum Posts

    tarynjames

    BBM

    Is there anyway that i can change bbm on my blackberry passport to the bbm version on android phones.....my mum has a samsung and i much prefer the bbm

    tarynjames 08-17-2017, 04:13 AM Go to last post
    tarynjames

    BBM feeds not working

    i have a blackberry passport and i swiped the phone. i have been using bbm fine for a few weeks but now all of a sudden, only peoples status's are changing

    tarynjames 08-17-2017, 04:13 AM Go to last post
    Absinthe

    How-To Recover A Nuked Blackberry - with Pictures

    Hi - If I do this, is all my data (schedule, phone book) lost? Can it be salvaged?

    Absinthe 08-16-2017, 10:31 AM Go to last post
    tarynjames

    BBM

    Is there anyway that i can change bbm on my blackberry to the bbm version on android phones.....my mum has a samsung and i much prefer the bbm on her

    tarynjames 08-16-2017, 05:09 AM Go to last post
    tarynjames

    BBM feeds not working

    i have a blackberry passport and i swiped the phone. i have been using bbm fine for a few weeks but now all of a sudden, only peoples status's are changing

    tarynjames 08-16-2017, 05:07 AM Go to last post
  • BlackBerryOS.com Weekly Poll

    WILL YOU BE PURCHASING THE ANDROID POWERED BLACKBERRY NEON/DTEK50? (Votes: 38)

    1. Yes (Votes: 17)

    2. No (Votes: 17)

    3. Undecided (Votes: 4)