
             AUSCERT External Security Bulletin Redistribution

      BlackBerry powered by Android Security Bulletin - January 2016
                              5 January 2016


        AusCERT Security Bulletin Summary

Product:           BlackBerry powered by Android
Publisher:         BlackBerry
Operating System:  BlackBerry Device
Impact/Access:     Increased Privileges            -- Remote/Unauthenticated      
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-6645 CVE-2015-6644 CVE-2015-6643
                   CVE-2015-6636 CVE-2015-5310 

Reference:         ESB-2015.2807

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

BlackBerry powered by Android Security Bulletin January 2016

Article Number: 000037749 

First Published: January 04, 2016 

Last Modified: January 04, 2016 

Type: Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend that users update 
to the latest available build, as outlined in the Available Updates section.

BlackBerry releases security bulletins to notify users of its Android 
smartphones about available security fixes; see BlackBerry.com/bbsirt for a 
complete list of monthly bulletins. This advisory is in response to the Nexus
Security Bulletin (January 2016) and addresses the issues in that bulletin 
that affect BlackBerry powered by Android smartphones.

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary:      Remote Code Execution Vulnerability in Mediaserver
CVE:          CVE-2015-6636
Description:  During media file and data processing of a specially crafted
              file, vulnerabilities in mediaserver could allow an attacker to
              cause memory corruption and remote code execution as the
              mediaserver process. The affected functionality is provided as
              a core part of the operating system and there are multiple
              applications that allow it to be reached with remote content,
              most notably MMS and browser playback of media.

Summary:      Elevation of Privilege Vulnerability in Setup Wizard
CVE:          CVE-2015-6643
Description:  An elevation of privilege vulnerability in the Setup Wizard can
              enable an attacker with physical access to the device to gain
              access to device settings and perform a manual device reset.

Summary:      Elevation of Privilege Vulnerability in Wi-Fi
CVE:          CVE-2015-5310
Description:  An elevation of privilege vulnerability in the Wi-Fi component
              can enable a locally proximate attacker to gain access to Wi-Fi
              service related information. A device is only vulnerable to this
              issue while in local proximity.

Summary:      Information Disclosure Vulnerability in Bouncy Castle
CVE:          CVE-2015-6644
Description:  An information disclosure vulnerability in Bouncy Castle can
              enable a local malicious application to gain access to a user's
              private information.

Summary:      Denial of Service Vulnerability in SyncManager
CVE:          CVE-2015-6645
Description:  A denial of service vulnerability in the SyncManager can enable
              a local malicious application to cause a reboot loop.

Available Updates

An updated software version is available immediately for BlackBerry Powered by
Android smartphones that have been purchased from ShopBlackBerry.com. The 
updated software version can be identified with the following build ID:

Build AAD250

If your BlackBerry Powered by Android smartphone was purchased from a source 
other than ShopBlackBerry.com, please contact that retailer or carrier 
directly for security maintenance release availability information.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.