-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1426
          BlackBerry powered by Android Security Bulletin June 2016
                                7 June 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry powered by Android
Publisher:         BlackBerry
Operating System:  Android
                   BlackBerry Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2500 CVE-2016-2499 CVE-2016-2496 CVE-2016-2495
                   CVE-2016-2494 CVE-2016-2493 CVE-2016-2489 CVE-2016-2488
                   CVE-2016-2487 CVE-2016-2486 CVE-2016-2485 CVE-2016-2484
                   CVE-2016-2483 CVE-2016-2482 CVE-2016-2481 CVE-2016-2480
                   CVE-2016-2479 CVE-2016-2478 CVE-2016-2477 CVE-2016-2476
                   CVE-2016-2475 CVE-2016-2469 CVE-2016-2468 CVE-2016-2465
                   CVE-2016-2464 CVE-2016-2463 CVE-2016-2066 CVE-2016-2062
                   CVE-2016-2061

Original Bulletin:
   http://support.blackberry.com/kb/articleDetail?articleNumber=000038209

- --------------------------BEGIN INCLUDED TEXT--------------------

BlackBerry powered by Android Security Bulletin June 2016

Article Number:  000038209
First Published: June 06, 2016
Last Modified:   June 06, 2016
Type:            Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend users update to the
latest available build, as outlined in the Available Updates section.

BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for a
complete list of monthly bulletins.
This advisory is in response to the Android Security Bulletin (June 2016) and
addresses issues in that bulletin that affect BlackBerry powered by Android
smartphones.

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

CVE-2016-2463: Remote Code Execution Vulnerability in Mediaserver

A remote code execution vulnerability in mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file and
data processing. The affected functionality is provided as a core part of the
operating system and there are multiple applications that allow it to be
reached with remote content, most notably MMS and browser playback of media.

CVE-2016-2464: Remote Code Execution Vulnerabilities in libwebm

Remote code execution vulnerabilities with libwebm could enable an attacker
using a specially crafted file to cause memory corruption during media file and
data processing. The affected functionality is provided as a core part of the
operating system and there are multiple applications that allow it to be
reached with remote content, most notably MMS and browser playback of media.

CVE-2016-2465: Elevation of Privilege Vulnerability in Qualcomm Video Driver

An elevation of privilege vulnerability in the Qualcomm video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.

CVE-2016-2468, CVE-2016-2062: Elevation of Privilege Vulnerabilities in
Qualcomm GPU Driver

Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.

CVE-2016-2475: Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to invoke system calls changing the
device settings and behavior without the privileges to do so.
CVE-2016-2066, CVE-2016-2469: Elevation of Privilege Vulnerabilities in
Qualcomm Sound Driver

Elevation of privilege vulnerabilities in the Qualcomm sound driver could
enable a malicious application to execute arbitrary code within the context of
the kernel.

CVE-2016-2476, CVE-2016-2477, CVE-2016-2478, CVE-2016-2479, CVE-2016-2480,
CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485,
CVE-2016-2486, CVE-2016-2487: Elevation of Privilege Vulnerabilities in
Mediaserver

Elevation of privilege vulnerabilities in mediaserver could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.

CVE-2016-2061, CVE-2016-2488: Elevation of Privilege Vulnerabilities in
Qualcomm Camera Driver

Elevation of privilege vulnerabilities in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.

CVE-2016-2489: Elevation of Privilege Vulnerability in Qualcomm Video Driver

An elevation of privilege vulnerability in the Qualcomm video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.

CVE-2016-2494: Elevation of Privilege Vulnerability in SD Card Emulation Layer

An elevation of privilege vulnerability in the SD Card userspace emulation
layer could enable a local malicious application to execute arbitrary code
within the context of an elevated system application.

CVE-2016-2493: Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.

CVE-2016-2495: Remote Denial of Service Vulnerability in Mediaserver

A remote denial of service vulnerability in mediaserver could enable an
attacker to use a specially crafted file to cause a device hang or reboot.
CVE-2016-2496: Elevation of Privilege Vulnerability in Framework UI

An elevation of privilege vulnerability in the Framework UI permission dialog
window could enable an attacker to gain access to unauthorized files in
private storage.

CVE-2016-2499: Information Disclosure Vulnerability in Mediaserver

An information disclosure vulnerability in mediaserver could allow an
application to access sensitive information.

CVE-2016-2500: Information Disclosure Vulnerability in Activity Manager

An information disclosure vulnerability in the Activity Manager component
could allow an application to access sensitive information.

Available Updates

An updated software version is available immediately for BlackBerry powered by
Android smartphones that have been purchased from ShopBlackBerry.com. Updated
builds may also be available from other retailers or carriers, dependent on
their deployment schedules.

To identify an up-to-date build, navigate to the Settings > About Phone menu.
Look for the following Android security patch level: June 1, 2016.

If your BlackBerry powered by Android smartphone does not have an up-to-date
build available, please contact your retailer or carrier directly for security
maintenance release availability information.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
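The Available Updates section of the bulletin identifies a fixed build by its Android security patch level, June 1, 2016. The script below, added here and not part of BlackBerry's bulletin or AusCERT's redistribution, automates that check over a device inventory so an administrator can list which handsets still lack the update; it assumes the patch level was collected as the ro.build.version.security_patch system property (for example with adb shell getprop) or copied from the Settings > About Phone screen, and the device ids and inventory lines are constructed for the example.

```python
"""Check that BlackBerry powered by Android devices report the Android security
patch level (June 1, 2016) the bulletin names. Added example, not vendor code."""
from datetime import date, datetime

# Patch level named in the bulletin's "Available Updates" section.
REQUIRED_PATCH_LEVEL = date(2016, 6, 1)

# The ro.build.version.security_patch system property uses YYYY-MM-DD;
# Settings > About Phone shows a spelled-out date such as "June 1, 2016".
_FORMATS = ("%Y-%m-%d", "%B %d, %Y")


def parse_patch_level(text):
    """Return the patch level as a date, or None if it cannot be parsed."""
    text = (text or "").strip()
    for fmt in _FORMATS:
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            continue
    return None


def is_up_to_date(patch_level, required=REQUIRED_PATCH_LEVEL):
    """True only when the reported level is at or after `required`; empty or
    unparseable values fail closed and the device is treated as unpatched."""
    parsed = parse_patch_level(patch_level)
    return parsed is not None and parsed >= required


def triage_inventory(lines, required=REQUIRED_PATCH_LEVEL):
    """Split 'device_id,patch_level' lines into (needs_update, current)."""
    needs_update, current = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device_id, _, level = line.partition(",")  # level may contain a comma
        bucket = current if is_up_to_date(level, required) else needs_update
        bucket.append(device_id.strip())
    return needs_update, current


# Constructed sample inventory with hypothetical device ids, as an MDM export
# or `adb shell getprop ro.build.version.security_patch` might produce it.
SAMPLE_INVENTORY = [
    "# device_id,patch_level",
    "priv-001,2016-06-01",
    "priv-002,2016-05-01",
    "priv-003,June 1, 2016",  # copied from Settings > About Phone
    "priv-004,",              # property missing: treated as unpatched
    "priv-005,2016-07-05",
]
```

Running `triage_inventory(SAMPLE_INVENTORY)` returns the devices that still need the June 2016 build first, so a later patch level (such as a July build) is correctly accepted while a missing or malformed value is flagged rather than silently passed.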