Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1680
BlackBerry powered by Android Security Bulletin July 2016
7 July 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BlackBerry powered by Android
Publisher: BlackBerry
Operating System: BlackBerry Device
Android
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-3813 CVE-2016-3811 CVE-2016-3809
CVE-2016-3803 CVE-2016-3802 CVE-2016-3775
CVE-2016-3768 CVE-2016-3766 CVE-2016-3765
CVE-2016-3764 CVE-2016-3763 CVE-2016-3762
CVE-2016-3761 CVE-2016-3760 CVE-2016-3759
CVE-2016-3758 CVE-2016-3757 CVE-2016-3756
CVE-2016-3755 CVE-2016-3754 CVE-2016-3752
CVE-2016-3751 CVE-2016-3750 CVE-2016-3748
CVE-2016-3747 CVE-2016-3746 CVE-2016-3745
CVE-2016-3743 CVE-2016-3742 CVE-2016-3741
CVE-2016-2508 CVE-2016-2507 CVE-2016-2506
CVE-2016-2505 CVE-2016-2503 CVE-2016-2502
CVE-2016-2501 CVE-2016-2108 CVE-2016-2107
CVE-2016-2068 CVE-2016-2067 CVE-2016-0723
CVE-2015-8816 CVE-2014-9803 CVE-2014-9801
Reference: ESB-2016.1076
ESB-2016.0137
- --------------------------BEGIN INCLUDED TEXT--------------------
BlackBerry powered by Android Security Bulletin July 2016
Article Number: 000038293
First Published: July 06, 2016
Last Modified: July 06, 2016
Type: Security Bulletin
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend users update to the
latest available build, as outlined in the Available Updates section.
BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for a
complete list of monthly bulletins. This advisory is in response to the
Android Security Bulletin (July 2016) and addresses issues in that bulletin
that affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
The following vulnerabilities have been remediated in this update:
CVE-2016-2505, CVE-2016-2506, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741,
CVE-2016-3742, CVE-2016-3743, CVE-2016-2505, CVE-2016-2506, CVE-2016-2507,
CVE-2016-2508, CVE-2016-3741, CVE-2016-3742, CVE-2016-3743:
Remote Code Execution Vulnerabilities in Mediaserver
Remote code execution vulnerabilities in mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file
and data processing.
The affected functionality is provided as a core part of the operating system
and there are multiple applications that allow it to be reached with remote
content, most notably MMS and browser playback of media.
CVE-2016-2108:
Remote Code Execution Vulnerability in OpenSSL & BoringSSL
A remote code execution vulnerability in OpenSSL and BoringSSL could enable an
attacker using a specially crafted file to cause memory corruption during file
and data processing.
Remote Code Execution Vulnerability in Bluetooth
A remote code execution vulnerability in Bluetooth could allow a proximal
attacker to execute arbitrary code during the pairing process.
CVE-2016-3751:
Elevation of Privilege Vulnerability in libpng
An elevation of privilege vulnerability in libpng could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.
CVE-2016-3745, CVE-2016-3746, CVE-2016-3747:
Elevation of Privilege Vulnerabilities in Mediaserver
Elevation of privilege vulnerabilities in mediaserver could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.
CVE-2016-3748:
Elevation of Privilege Vulnerability in Sockets
An elevation of privilege vulnerability in sockets could enable a local
malicious application to access system calls outside of its permissions level.
CVE-2016-3750:
Elevation of Privilege Vulnerability in Framework APIs
An elevation of privilege vulnerability in the Parcels Framework APIs could
enable a local malicious application to bypass operating system protections
that isolate application data from other applications.
CVE-2016-3752:
Elevation of Privilege Vulnerability in ChooserTarget Service
An elevation of privilege vulnerability in the ChooserTarget service could
enable a local malicious application to execute code in the context of another
application.
CVE-2016-2107:
Information Disclosure Vulnerability in OpenSSL
An information disclosure vulnerability in OpenSSL could enable a remote
attacker to access protected data normally only accessible to locally
installed apps that request permission.
CVE-2016-3754, CVE-2016-3755, CVE-2016-3756:
Denial of Service Vulnerabilities in Mediaserver
Denial of service vulnerabilities in mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot.
CVE-2016-3757:
Elevation of Privilege Vulnerability in lsof
An elevation of privilege vulnerability in lsof could enable a local malicious
application to execute arbitrary code that could lead to a permanent device
compromise.
CVE-2016-3758:
Elevation of Privilege Vulnerability in DexClassLoader
An elevation of privilege vulnerability in the DexClassLoader could enable a
local malicious application to execute arbitrary code within the context of a
privileged process.
CVE-2016-3759:
Elevation of Privilege Vulnerability in Framework APIs
An elevation of privilege vulnerability in the Framework APIs could enable a
local malicious application to request backup permissions and intercept all
backup data.
CVE-2016-3760:
Elevation of Privilege Vulnerability in Bluetooth
An elevation of privilege vulnerability in the Bluetooth component could
enable a local attacker to add an authenticated Bluetooth device that persists
for the primary user.
CVE-2016-3761:
Elevation of Privilege Vulnerability in NFC
An elevation of privilege vulnerability in NFC could enable a local malicious
background application to access information from a foreground application.
CVE-2016-3762:
Elevation of Privilege Vulnerability in Sockets
An elevation of privilege vulnerability in sockets could enable a local
malicious application to gain access to certain uncommon socket types possibly
leading to arbitrary code execution within the context of the kernel.
CVE-2016-3763:
Information Disclosure Vulnerability in Proxy Auto-Config
An information disclosure vulnerability in the Proxy Auto-Config component
could allow an application to access sensitive information.
CVE-2016-3764, CVE-2016-3765:
Information Disclosure Vulnerabilities in Mediaserver
Information disclosure vulnerabilities in mediaserver could allow a local
malicious application to access sensitive information.
CVE-2016-3766:
Denial of Service Vulnerability in Mediaserver
A denial of service vulnerability in mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot.
CVE-2016-2503, CVE-2016-2067:
Elevation of Privilege Vulnerabilities in Qualcomm GPU Driver
Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
CVE-2016-3768:
Elevation of Privilege Vulnerability in Qualcomm Performance Component
An elevation of privilege vulnerability in the Qualcomm performance component
could enable a local malicious application to execute arbitrary code within
the context of the kernel.
CVE-2016-3775:
Elevation of Privilege Vulnerability in Kernel File System
An elevation of privilege vulnerability in the kernel file system could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
CVE-2015-8816:
Elevation of Privilege Vulnerability in USB Driver
An elevation of privilege vulnerability in the USB driver could enable a local
malicious application to execute arbitrary code within the context of the
kernel.
CVE-2014-9801:
Elevation of Privilege Vulnerability in Qualcomm Components
An elevation of privilege vulnerability could enable a malicious application
to execute code within the context of the kernel.
CVE-2016-2502:
Elevation of Privilege Vulnerability in Qualcomm USB Driver
An elevation of privilege vulnerability in the Qualcomm USB driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-2501:
Elevation of Privilege Vulnerability in Qualcomm Camera Driver
An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-3802, CVE-2016-3803:
Elevation of Privilege Vulnerabilities in Kernel File System
Elevation of privilege vulnerabilities in the kernel file system could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
CVE-2016-2068:
Elevation of Privilege Vulnerability in Qualcomm Sound Driver
An elevation of privilege vulnerability in the Qualcomm sound driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2014-9803:
Elevation of Privilege Vulnerability in Kernel
An elevation of privilege vulnerability in the kernel could enable a local
malicious application to execute arbitrary code within the context of the
kernel.
CVE-2016-3809:
Information Disclosure Vulnerability in Networking Component
An information disclosure vulnerability in the networking component could
enable a local malicious application to access data outside of its permission
levels.
CVE-2016-3811:
Elevation of Privilege Vulnerability in Kernel Video Driver
An elevation of privilege vulnerability in the kernel video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-3813:
Information Disclosure Vulnerability in Qualcomm USB Driver
An information disclosure vulnerability in the Qualcomm USB driver could
enable a local malicious application to access data outside of its permission
levels.
CVE-2016-0723:
Information Disclosure Vulnerability in Kernel Teletype Driver
An information disclosure vulnerability in the teletype driver could enable a
local malicious application to access data outside of its permission levels.
Available Updates
An updated software version is available immediately for BlackBerry powered by
Android smartphones that have been purchased from ShopBlackBerry.com. Updated
software builds may also be available from other retailers or carriers,
dependent on their deployment schedules.
To identify an up to date software build, navigate to the Settings>About Phone
menu. Look for the following Android security patch level:
July 5, 2016
If your BlackBerry powered by Android smartphone does not have an up-to-date
software build available, please contact your retailer or carrier directly for
security maintenance release availability information.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV322fox+lLeg9Ub1AQglpg/+Kxk//wx9nyiF1xmEFdHRrPXZGKdt+LCD
4zRyb/SVz+DJCDWbGi7elW5ppSoa1fz3ZgsCEJbBy2gPQiVvh4hAN570Pm53lTSq
yLZ8h+NfTMxATX/DJxNzfXWtuFJVt9bJpmUaTU6nnuKKxvxi8pgYm3nGPoHgaZT9
BkxjO/yDpGtQhdxrxjCMWYXoUMPfIKbZf9y8gCPvZtkaj/yNmrnHYPYWz6ynDsOq
5+D+pObSYXmwf3Wt6irjxpUz9HDReDBLKV1oWsn6XrRfGDIFlbHVdb8pNUXyWUTy
gt63zh53dMIZQjh2vniQTCB1Ic3b5dKEZwGZ63WN7mpmXL6bZW5W//tf/4BInZf+
vwScLpTEMucNFqbl/eoQ2OWDXoosOAaV4VAoQUHHSvygLKmU6r7va61/UHm/KTWW
ycom+Fs7RQ9CNGmyOBnUtVU2DFF3oLztc1VENG9TNQKWSszkANgwGcLGs05g98fT
Kdh/k5kiKVdkCrEIYDj6sVozXZxoZOv+3zBY6Lq/tP/zj/VPrv0d7l3J4aBewDu2
hKgJhFz2Wy+Q9bPqn11cHJswdB97cDFaeGbxf50gIfzZYbTQRtrVL4UIT/varbc7
cCb9p4YG4p3x+l1cs7L5wGfpqIjblHRTZIDO+901mKea7Q7q7caY16PWND1yiUwt
Rmma6Nz6Ljs=
=DCpl
-----END PGP SIGNATURE-----