After its initial availability to ShopBlackBerry devices on Jan 4th, Priv users on Rogers, Telus & Bell started receiving a 16.1MB update for their beloved Android-powered device last week, updating their device to Build AAD250.
As you might remember, this update was erroneously pushed to several users just before Christmas.
Did you receive an update to Build AAD250? Notice any changes? Let us know in the comments below!
The following vulnerabilities have been remediated in this update:
|Remote Code Execution Vulnerability in Mediaserver||During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
|Elevation of Privilege Vulnerability in Setup Wizard||An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset.||CVE-2015-6643|
|Elevation of Privilege Vulnerability in Wi-Fi||An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity.||CVE-2015-5310|
|Information Disclosure Vulnerability in Bouncy Castle||An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information.||CVE-2015-6644|
|Denial of Service Vulnerability in SyncManager||A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop.||CVE-2015-6645|