• March Security Patch Update Being Pushed To Priv



    Another month, another update. Users who purchased their PRIV through ShopBlackBerry received a 17.2MB update for their beloved Android-powered device this morning, updating their device to Build AAE016.

    You can expect the majority of carriers to push this update over the coming weeks.

    The changelog is very limited at this time, but we will make sure to pass along any additional information we receive.

    Did you receive an update to Build AAE016? Notice any changes? Let us know in the comments below!

    Update (03/07/2016):
    The following vulnerabilities have been remediated in this update:

    Summary Description CVE
    Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, a vulnerability in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
    The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
    CVE-2016-0815
    Remote Code Execution Vulnerabilities in libvpx There are multiple vulnerabilities in libvpx that could allow remote code execution in the privileged process mediaserver. CVE-2016-1621
    Elevation of Privilege Vulnerability in Conscrypt An elevation of privilege vulnerability in the Conscrypt component can enable a man in the middle to intercept, manipulate, and inject arbitrary content on an encrypted communication leading to remote code execution. CVE-2016-0818
    Elevation of Privilege Vulnerability in Keyring Component An elevation of privilege vulnerability in the Kernel Keyring Component can enable a local malicious application to execute arbitrary code within the kernel. CVE-2016-0728
    Mitigation Bypass Vulnerability in the Kernel A mitigation bypass vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0821
    Information Disclosure Vulnerability in Kernel An information disclosure vulnerability in the kernel can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0823
    Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver can enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-0826
    CVE-2016-0827
    Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver can permit a bypass of security measures in place to increase the difficulty of attackers exploiting the platform. CVE-2016-0828
    CVE-2016-0829
    Information Disclosure Vulnerability in Telephony An information disclosure vulnerability in the Telephony component could allow an application to access sensitive information. CVE-2016-0831
    Elevation of Privilege Vulnerability in Setup Wizard A vulnerability in the Setup Wizard could enable an attacker who had physical access to the device to gain access to device settings and perform a manual device reset. CVE-2016-0832


    comments powered by Disqus
  • Recent Comments

  • Most Commented

    The most commented articles on BlackBerryOS over the past 24 hours.
  • Recent Forum Posts

    tarynjames

    BBM

    Is there anyway that i can change bbm on my blackberry passport to the bbm version on android phones.....my mum has a samsung and i much prefer the bbm

    tarynjames 08-17-2017, 04:13 AM Go to last post
    tarynjames

    BBM feeds not working

    i have a blackberry passport and i swiped the phone. i have been using bbm fine for a few weeks but now all of a sudden, only peoples status's are changing

    tarynjames 08-17-2017, 04:13 AM Go to last post
    Absinthe

    How-To Recover A Nuked Blackberry - with Pictures

    Hi - If I do this, is all my data (schedule, phone book) lost? Can it be salvaged?

    Absinthe 08-16-2017, 10:31 AM Go to last post
    tarynjames

    BBM

    Is there anyway that i can change bbm on my blackberry to the bbm version on android phones.....my mum has a samsung and i much prefer the bbm on her

    tarynjames 08-16-2017, 05:09 AM Go to last post
    tarynjames

    BBM feeds not working

    i have a blackberry passport and i swiped the phone. i have been using bbm fine for a few weeks but now all of a sudden, only peoples status's are changing

    tarynjames 08-16-2017, 05:07 AM Go to last post
  • BlackBerryOS.com Weekly Poll

    WILL YOU BE PURCHASING THE ANDROID POWERED BLACKBERRY NEON/DTEK50? (Votes: 38)

    1. Yes (Votes: 17)

    2. No (Votes: 17)

    3. Undecided (Votes: 4)