Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1680 BlackBerry powered by Android Security Bulletin July 2016 7 July 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BlackBerry powered by Android Publisher: BlackBerry Operating System: BlackBerry Device Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-3813 CVE-2016-3811 CVE-2016-3809 CVE-2016-3803 CVE-2016-3802 CVE-2016-3775 CVE-2016-3768 CVE-2016-3766 CVE-2016-3765 CVE-2016-3764 CVE-2016-3763 CVE-2016-3762 CVE-2016-3761 CVE-2016-3760 CVE-2016-3759 CVE-2016-3758 CVE-2016-3757 CVE-2016-3756 CVE-2016-3755 CVE-2016-3754 CVE-2016-3752 CVE-2016-3751 CVE-2016-3750 CVE-2016-3748 CVE-2016-3747 CVE-2016-3746 CVE-2016-3745 CVE-2016-3743 CVE-2016-3742 CVE-2016-3741 CVE-2016-2508 CVE-2016-2507 CVE-2016-2506 CVE-2016-2505 CVE-2016-2503 CVE-2016-2502 CVE-2016-2501 CVE-2016-2108 CVE-2016-2107 CVE-2016-2068 CVE-2016-2067 CVE-2016-0723 CVE-2015-8816 CVE-2014-9803 CVE-2014-9801 Reference: ESB-2016.1076 ESB-2016.0137 - --------------------------BEGIN INCLUDED TEXT-------------------- BlackBerry powered by Android Security Bulletin July 2016 Article Number: 000038293 First Published: July 06, 2016 Last Modified: July 06, 2016 Type: Security Bulletin Purpose of this Bulletin BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (July 2016) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones. Vulnerabilities Fixed in this Update The following vulnerabilities have been remediated in this update: CVE-2016-2505, CVE-2016-2506, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741, CVE-2016-3742, CVE-2016-3743, CVE-2016-2505, CVE-2016-2506, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741, CVE-2016-3742, CVE-2016-3743: Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. CVE-2016-2108: Remote Code Execution Vulnerability in OpenSSL & BoringSSL A remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing. Remote Code Execution Vulnerability in Bluetooth A remote code execution vulnerability in Bluetooth could allow a proximal attacker to execute arbitrary code during the pairing process. CVE-2016-3751: Elevation of Privilege Vulnerability in libpng An elevation of privilege vulnerability in libpng could enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-3745, CVE-2016-3746, CVE-2016-3747: Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-3748: Elevation of Privilege Vulnerability in Sockets An elevation of privilege vulnerability in sockets could enable a local malicious application to access system calls outside of its permissions level. CVE-2016-3750: Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the Parcels Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2016-3752: Elevation of Privilege Vulnerability in ChooserTarget Service An elevation of privilege vulnerability in the ChooserTarget service could enable a local malicious application to execute code in the context of another application. CVE-2016-2107: Information Disclosure Vulnerability in OpenSSL An information disclosure vulnerability in OpenSSL could enable a remote attacker to access protected data normally only accessible to locally installed apps that request permission. CVE-2016-3754, CVE-2016-3755, CVE-2016-3756: Denial of Service Vulnerabilities in Mediaserver Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-3757: Elevation of Privilege Vulnerability in lsof An elevation of privilege vulnerability in lsof could enable a local malicious application to execute arbitrary code that could lead to a permanent device compromise. CVE-2016-3758: Elevation of Privilege Vulnerability in DexClassLoader An elevation of privilege vulnerability in the DexClassLoader could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-3759: Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to request backup permissions and intercept all backup data. CVE-2016-3760: Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in the Bluetooth component could enable a local attacker to add an authenticated Bluetooth device that persists for the primary user. CVE-2016-3761: Elevation of Privilege Vulnerability in NFC An elevation of privilege vulnerability in NFC could enable a local malicious background application to access information from a foreground application. CVE-2016-3762: Elevation of Privilege Vulnerability in Sockets An elevation of privilege vulnerability in sockets could enable a local malicious application to gain access to certain uncommon socket types possibly leading to arbitrary code execution within the context of the kernel. CVE-2016-3763: Information Disclosure Vulnerability in Proxy Auto-Config An information disclosure vulnerability in the Proxy Auto-Config component could allow an application to access sensitive information. CVE-2016-3764, CVE-2016-3765: Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver could allow a local malicious application to access sensitive information. CVE-2016-3766: Denial of Service Vulnerability in Mediaserver A denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-2503, CVE-2016-2067: Elevation of Privilege Vulnerabilities in Qualcomm GPU Driver Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3768: Elevation of Privilege Vulnerability in Qualcomm Performance Component An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3775: Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-8816: Elevation of Privilege Vulnerability in USB Driver An elevation of privilege vulnerability in the USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9801: Elevation of Privilege Vulnerability in Qualcomm Components An elevation of privilege vulnerability could enable a malicious application to execute code within the context of the kernel. CVE-2016-2502: Elevation of Privilege Vulnerability in Qualcomm USB Driver An elevation of privilege vulnerability in the Qualcomm USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2501: Elevation of Privilege Vulnerability in Qualcomm Camera Driver An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3802, CVE-2016-3803: Elevation of Privilege Vulnerabilities in Kernel File System Elevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2068: Elevation of Privilege Vulnerability in Qualcomm Sound Driver An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9803: Elevation of Privilege Vulnerability in Kernel An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3809: Information Disclosure Vulnerability in Networking Component An information disclosure vulnerability in the networking component could enable a local malicious application to access data outside of its permission levels. CVE-2016-3811: Elevation of Privilege Vulnerability in Kernel Video Driver An elevation of privilege vulnerability in the kernel video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3813: Information Disclosure Vulnerability in Qualcomm USB Driver An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-0723: Information Disclosure Vulnerability in Kernel Teletype Driver An information disclosure vulnerability in the teletype driver could enable a local malicious application to access data outside of its permission levels. Available Updates An updated software version is available immediately for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules. To identify an up to date software build, navigate to the Settings>About Phone menu. Look for the following Android security patch level: July 5, 2016 If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV322fox+lLeg9Ub1AQglpg/+Kxk//wx9nyiF1xmEFdHRrPXZGKdt+LCD 4zRyb/SVz+DJCDWbGi7elW5ppSoa1fz3ZgsCEJbBy2gPQiVvh4hAN570Pm53lTSq yLZ8h+NfTMxATX/DJxNzfXWtuFJVt9bJpmUaTU6nnuKKxvxi8pgYm3nGPoHgaZT9 BkxjO/yDpGtQhdxrxjCMWYXoUMPfIKbZf9y8gCPvZtkaj/yNmrnHYPYWz6ynDsOq 5+D+pObSYXmwf3Wt6irjxpUz9HDReDBLKV1oWsn6XrRfGDIFlbHVdb8pNUXyWUTy gt63zh53dMIZQjh2vniQTCB1Ic3b5dKEZwGZ63WN7mpmXL6bZW5W//tf/4BInZf+ vwScLpTEMucNFqbl/eoQ2OWDXoosOAaV4VAoQUHHSvygLKmU6r7va61/UHm/KTWW ycom+Fs7RQ9CNGmyOBnUtVU2DFF3oLztc1VENG9TNQKWSszkANgwGcLGs05g98fT Kdh/k5kiKVdkCrEIYDj6sVozXZxoZOv+3zBY6Lq/tP/zj/VPrv0d7l3J4aBewDu2 hKgJhFz2Wy+Q9bPqn11cHJswdB97cDFaeGbxf50gIfzZYbTQRtrVL4UIT/varbc7 cCb9p4YG4p3x+l1cs7L5wGfpqIjblHRTZIDO+901mKea7Q7q7caY16PWND1yiUwt Rmma6Nz6Ljs= =DCpl -----END PGP SIGNATURE-----