-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0855
        BlackBerry Powered by Android Security Bulletin April 2016
                               6 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry powered by Android
Publisher:         BlackBerry
Operating System:  Android
                   BlackBerry Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Remote/Unauthenticated      
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2427 CVE-2016-2426 CVE-2016-2424
                   CVE-2016-2423 CVE-2016-2422 CVE-2016-2421
                   CVE-2016-2417 CVE-2016-2416 CVE-2016-2415
                   CVE-2016-2414 CVE-2016-2413 CVE-2016-2412
                   CVE-2016-2411 CVE-2016-2410 CVE-2016-1503
                   CVE-2016-0850 CVE-2016-0849 CVE-2016-0848
                   CVE-2016-0847 CVE-2016-0846 CVE-2016-0844
                   CVE-2016-0841 CVE-2016-0838 CVE-2016-0837
                   CVE-2015-1805  

Reference:         ESB-2016.0777
                   ESB-2015.1440
                   ASB-2016.0034

Original Bulletin: 
   http://support.blackberry.com/kb/articleDetail?articleNumber=000038099

- --------------------------BEGIN INCLUDED TEXT--------------------

BlackBerry Powered by Android Security Bulletin April 2016

Article Number: 000038099

First Published: April 04, 2016

Last Modified: April 04, 2016

Type: Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend users update to the
latest available build, as outlined in the Available Updates section.

BlackBerry releases security bulletins to notify users of its Android 
smartphones about available security fixes; see BlackBerry.com/bbsirt for a 
complete list of monthly bulletins. This advisory is in response to the Nexus
Security Bulletin (April 2016) and addresses issues in that bulletin that 
affect BlackBerry powered by Android smartphones.

Vulnerabilities Fixed in this Update

CVE-2016-1503:

Remote Code Execution Vulnerability in DHCPD

A vulnerability in the Dynamic Host Configuration Protocol service could 
enable an attacker to cause memory corruption, which could lead to remote code
execution.

CVE-2016-0837, CVE-2016-0838, CVE-2016-0841:

Remote Code Execution Vulnerabilities in Mediaserver

During media file and data processing of a specially crafted file, 
vulnerabilities in mediaserver could allow an attacker to cause memory 
corruption and remote code execution as the mediaserver process.

The affected functionality is provided as a core part of the operating system
and there are multiple applications that allow it to be reached with remote 
content, most notably MMS and browser playback of media.

CVE-2016-0844:

Elevation of Privilege Vulnerability in Qualcomm RF component

A vulnerability in the Qualcomm RF driver could enable a local malicious 
application to execute arbitrary code within the context of the kernel.

CVE-2016-0846:

Elevation of Privilege Vulnerability in IMemory Native Interface

An elevation of privilege vulnerability in the IMemory Native Interface could
enable a local malicious application to execute arbitrary code within the 
context of an elevated system application.

CVE-2016-0847:

Elevation of Privilege Vulnerability in Telecom Component

An elevation of privilege vulnerability in the Telecom Component could enable
an attacker to spoof calls to appear from any arbitrary number.

CVE-2016-0848:

Elevation of Privilege Vulnerability in Download Manager

An elevation of privilege vulnerability in the Download Manager could enable 
an attacker to gain access to unauthorized files in private storage.

CVE-2016-0849:

Elevation of Privilege Vulnerability in Recovery Procedure

An elevation of privilege vulnerability in the Recovery Procedure could enable
a local malicious application to execute arbitrary code within the context of
an elevated system application.

CVE-2016-0850:

Elevation of Privilege Vulnerability in Bluetooth

An elevation of privilege vulnerability in Bluetooth could enable an untrusted
device to pair with the phone during the initial pairing process. This could 
lead to unauthorized access of the device resources, such as the Internet 
Connection.

CVE-2016-2410:

Elevation of Privilege Vulnerability in a Qualcomm Video Kernel Driver

An elevation of privilege vulnerability in a Qualcomm video kernel driver 
could enable a local malicious application to execute arbitrary code within 
the context of the kernel.

CVE-2016-2411:

Elevation of Privilege Vulnerability in Qualcomm Power Management component

An elevation of privilege vulnerability in a Qualcomm Power Management kernel
driver could enable a local malicious application to execute arbitrary code 
within the context of the kernel.

CVE-2016-2412:

Elevation of Privilege Vulnerability in System_server

An elevation of privilege vulnerability in System_server could enable a local
malicious application to execute arbitrary code within the context of an 
elevated system application.

CVE-2016-2413:

Elevation of Privilege Vulnerability in Mediaserver

An elevation of privilege vulnerability in mediaserver could enable a local 
malicious application to execute arbitrary code within the context of an 
elevated system application.

CVE-2016-2414:

Denial of Service Vulnerability in Minikin

A denial of service vulnerability in the Minikin library could allow a local 
attacker to temporarily block access to an affected device. An attacker could
cause an untrusted font to be loaded and cause an overflow in the Minikin 
component which leads to a crash.

CVE-2016-2415:

Information Disclosure Vulnerability in Exchange ActiveSync

An information disclosure vulnerability in Exchange ActiveSync could enable a
local malicious application to gain access to user's private information.

CVE-2016-2416, CVE-2016-2417:

Information Disclosure Vulnerabilities in Mediaserver

Information disclosure vulnerabilities in mediaserver could permit a bypass of
security measures in place to increase the difficulty of attackers exploiting
the platform.

CVE-2016-2421:

Elevation of Privilege Vulnerability in Setup Wizard

A vulnerability in the Setup Wizard could allow a malicious attacker to bypass
the Factory Reset Protection and gain access to the device.

CVE-2016-2422:

Elevation of Privilege Vulnerability in Wi-Fi

An elevation of privilege vulnerability in Wi-Fi could enable a local 
malicious application to execute arbitrary code within the context of an 
elevated system application.

CVE-2016-2423:

Elevation of Privilege Vulnerability in Telephony

A vulnerability in Telephony could allow a malicious attacker to bypass the 
Factory Reset Protection and gain access to the device.

CVE-2016-2424:

Denial of Service Vulnerability in SyncStorageEngine

A denial of service vulnerability in the SyncStorageEngine could enable a 
local malicious application to cause a reboot loop.

CVE-2016-2426:

Information Disclosure Vulnerability in Framework

An information disclosure vulnerability in the Framework component could allow
an application to access sensitive information.

CVE-2016-2427:

Information Disclosure Vulnerability in BouncyCastle

An information disclosure vulnerability in BouncyCastle could allow an 
authentication key to be leaked.

CVE-2015-1805:

Elevation of Privilege Vulnerability in the Kernel

An elevation of privilege vulnerability in the kernel could enable a local 
malicious application to execute arbitrary code within the context of the 
kernel.

Available Updates

An updated software version is available immediately for BlackBerry Powered by
Android smartphones that have been purchased from ShopBlackBerry.com. The 
updated software version can be identified with the following build ID:

Build AAE298

If your BlackBerry Powered by Android smartphone was purchased from a source 
other than ShopBlackBerry.com, please contact that retailer or carrier 
directly for security maintenance release availability information.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVwR/D36ZAP0PgtI9AQKiaBAAk06LtyQHpxlbwS9FI1Q6KuLxkUN98Fh+
3skOv79jdAircvxRFFvnttbMLS/03Aftj5I89yLlJ8uqvmcH3So8Vh0dvNmti1Rp
ULYmKZIkcvCMQwX4kC5tn0j6fwes+RIg/Yl6IpCKiym83L/L0qKMCNqvvLnR7mKY
2RltdSQVgzoMw4L9kYEX2iWJWt21H+eNw/Rydw4gJyH/zELFhZSPkQaPuMMoKiS7
+tc1dJf1I50Etp7gCYmzzNODF8YHUgu2Cag0NrHPu23oZtDhNNWGEdv3MOo5kUKN
FgqaTQQG9DEh96+jY4VhF3vW9wcwzaWu6WlIyA4HvN6RVKDIUMaW46Ags77hB68z
jfSTwxPKa9uTWcSQCiNRqkCqIYQE8MWngsfJo3VJaiR0KdArbzGUwSXKgamV2WJp
esfkzjuzExXnUf/lRrI77LiRtXEskEmkd7CDvyPfF/7AWJGafb9ZCPo9xlVNhTXw
O3u316djDM1Y6ucV9BIEzjUQY5hyAIvGuPO2HKnuUdzBydKv+JB9QOPbJQCShUx1
jczRkpBQqlhO1jDAz/l2SF2VuNwy6gwV1waRKWm+AriKjmE+C3bql7O46TYjyUX0
75FaVR+rXLRMUI8GE5Z5+AtXwngRBfYJkOQxUp6BoAHJCPXxE8GMl6bX48x/p2W0
7jBx7AI/uy8=
=/V8X
-----END PGP SIGNATURE-----