• January Security Patch Update Being Pushed To Priv

    Author Avatar
    by
    TwistMyMind
        Follow on Twitter Follow on Twitter
    		 
    Published on 01-04-2016 10:21 AM
    View Comments

    Another month, another update. Users who purchased their PRIV through ShopBlackBerry received a 16.1MB update for their beloved Android-powered device this morning, updating their device to Build AAD250.

    The monthly security patch release is now posted (AAD250). ShopBB and some carriers, more carriers next week (@MichaelClewley, 9:02 AM - 4 Jan 2016)
    You can expect the majority of carriers to push this update over the coming weeks.

    As you might remember, this update was erroneously pushed to several users just before Christmas.

    The changelog is very limited at this time, but we will make sure to pass along any additional information we receive.

    Did you receive an update to Build AAD250? Notice any changes? Let us know in the comments below!

    Update (01/04/2016):

    The following vulnerabilities have been remediated in this update:
    Summary Description CVE
    Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
    The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.    		 CVE-2015-6636
    Elevation of Privilege Vulnerability in Setup Wizard An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. CVE-2015-6643
    Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity. CVE-2015-5310
    Information Disclosure Vulnerability in Bouncy Castle An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information. CVE-2015-6644
    Denial of Service Vulnerability in SyncManager A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop. CVE-2015-6645

    Categories:
    1. Official OS


    comments powered by Disqus
This website uses cookies
We use cookies to store session information to facilitate remembering your login information, to allow you to save website preferences, to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.