Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1866 BlackBerry powered by Android Security Bulletin August 2016 2 August 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BlackBerry powered by Android Publisher: BlackBerry Operating System: BlackBerry Device Android Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-4578 CVE-2016-4569 CVE-2016-4482 CVE-2016-3857 CVE-2016-3855 CVE-2016-3853 CVE-2016-3850 CVE-2016-3849 CVE-2016-3843 CVE-2016-3842 CVE-2016-3841 CVE-2016-3840 CVE-2016-3839 CVE-2016-3838 CVE-2016-3837 CVE-2016-3836 CVE-2016-3835 CVE-2016-3834 CVE-2016-3833 CVE-2016-3832 CVE-2016-3831 CVE-2016-3830 CVE-2016-3829 CVE-2016-3828 CVE-2016-3827 CVE-2016-3826 CVE-2016-3825 CVE-2016-3824 CVE-2016-3823 CVE-2016-3822 CVE-2016-3821 CVE-2016-3820 CVE-2016-3819 CVE-2016-2544 CVE-2016-2504 CVE-2016-2497 CVE-2015-2686 CVE-2014-9904 CVE-2014-9903 Reference: ESB-2016.1665 ESB-2016.0579 ASB-2016.0079 Original Bulletin: http://support.blackberry.com/kb/articleDetail?articleNumber=000038360 - --------------------------BEGIN INCLUDED TEXT-------------------- BlackBerry powered by Android Security Bulletin August 2016 Article Number: 000038360 First Published: August 01, 2016 Last Modified: August 01, 2016 Type: Security Bulletin Purpose of this Bulletin BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (August 2016) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones. Vulnerabilities Fixed in this Update The following vulnerabilities have been remediated in this update: CVE-2016-3819, CVE-2016-3820, CVE-2016-3821: Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. CVE-2016-3822: Remote Code Execution Vulnerability in libjhead A remote code execution vulnerability in libjhead could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826: Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830: Denial of Service Vulnerabilities in Mediaserver Denial of service vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause a device hang or reboot. CVE-2016-3831: Denial of Service Vulnerability in System Clock A denial of service vulnerability in the system clock could enable a remote attacker to crash the device. CVE-2016-3832: Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2016-3833: Elevation of Privilege Vulnerability in Shell An elevation of privilege in the Shell could enable a local malicious application to bypass device constraints such as user restrictions. CVE-2016-3834: Information Disclosure Vulnerability in Camera APIs An information disclosure vulnerability in the camera APIs could allow a local malicious application to access data outside of its permission levels. CVE-2016-3835: Information Disclosure Vulnerability in Mediaserver An information disclosure vulnerability in mediaserver could allow a local malicious application to access data outside of its permission levels. CVE-2016-3836: Information Disclosure Vulnerability in SurfaceFlinger An information disclosure vulnerability in the SurfaceFlinger service could enable a local malicious application to access data outside of its permission levels. CVE-2016-3837: Information Disclosure Vulnerability in Wi-Fi An information disclosure vulnerability in Wi-Fi could allow a local malicious application to access data outside of its permission levels. CVE-2016-3838: Denial of Service Vulnerability in System UI A denial of service vulnerability in the system UI could enable a local malicious application to prevent 911 calls from a locked screen. CVE-2016-3839: Denial of Service Vulnerability in Bluetooth A denial of service vulnerability in Bluetooth could enable a local malicious application to prevent 911 calls from a Bluetooth device. CVE-2016-3840: Remote Code Execution Vulnerability in Conscrypt A remote code execution vulnerability in Conscrypt could enable a remote attacker to execute arbitrary code within the context of a privileged process. CVE-2015-2686, CVE-2016-3841: Elevation of Privilege Vulnerabilities in Kernel Networking Component Elevation of privilege vulnerabilities in the kernel networking component could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2504, CVE-2016-3842: Elevation of Privilege Vulnerabilities in Qualcomm GPU driver Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3843: Elevation of Privilege Vulnerabilities in Qualcomm Performance Component Elevation of privilege vulnerabilities in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3857: Elevation of Privilege Vulnerability in Kernel An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2544, CVE-2014-9904: Elevation of Privilege Vulnerabilities in Kernel Sound Component Elevation of privilege vulnerabilities in the kernel sound component could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3849: Elevation of Privilege Vulnerability in ION Driver An elevation of privilege vulnerability in the ION driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3850: Elevation of Privilege Vulnerability in Qualcomm Bootloader An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3843: Elevation of Privilege Vulnerability in Kernel Performance Subsystem An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9903: Information Disclosure Vulnerability in Kernel Scheduler An information disclosure vulnerability in the kernel scheduler could enable a local malicious application to access data outside of its permission levels. CVE-2016-4482: Information Disclosure Vulnerability in USB driver An information disclosure vulnerability in the USB driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-3853: Elevation of Privilege Vulnerability in Google Play Services An elevation of privilege vulnerability in Google Play services could allow a local attacker to bypass the Factory Reset Protection and gain access to the device. CVE-2016-2497: Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the framework APIs could enable a pre-installed application to increase its intent filter priority when the application is being updated without the user being notified. CVE-2016-4578: Information Disclosure Vulnerability in Kernel Networking Component An information disclosure vulnerability in the kernel networking component could enable a local malicious application to access data outside of its permission levels. CVE-2016-4569, CVE-2016-4578: Information Disclosure Vulnerabilities in Kernel Sound Component Information disclosure vulnerabilities in the kernel sound component could enable a local malicious application to access data outside of its permission levels. CVE-2016-3855: Vulnerability in Qualcomm Components A vulnerability in the thermal driver can result in a local malicious application being able to corrupt memory, possibly resulting in a temporary denial of service. Available Updates An updated software version is available immediately for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules. To identify an up to date software build, navigate to the Settings>About Phone menu. Look for the following Android security patch level: August 5, 2016 If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV5/+pYx+lLeg9Ub1AQia4A/+LHhd9XmJnG37UAEaGVCtnfo+UzUfwzEG YP64MXHflw0HQ1QAEC2HrnkGB6wvWe8RjpGttaaWU/P1I/5S+/a8jnP/3YQnvajJ O1hh4cYVnS1/2jxiwhGDO42Fm4zJHRIhMO2L4WuZ3nPCduLTO+3rC0px5d36WFMp j9N1mOmK4GC0qxZyvma+sdjzi3oQtAhOnwTrW/4iFpoTjjiQvOREhF9HlkRcXgwm apFy+LnA+7FA6/Leb/Ktt3M8FPJ/ZKjgNaBAJcKG8m23heJCnK5AeiwOb6pzudlu 03FJthMJQUxuV2E+27WIDVo5Z8QsiI0uw9G5RWuWw0HBVkKvQkmAMLlCk1M+Cg9n wWWlgXEutKeZoXXVqsrBYFTukqEaOeIXlALXtK6FOcVbRo/zdDASZsS1+Ox9gSJh UQtYv9PQ4ZWOLYaF/yOYiRhIKCYXjnN9eGeyN2AU9BNXsRsd9JDiK0FeW1SrvmVX KjMj5naCf+poyzTpm6VSy6oQC/tYNP2espPI2Zx6SYz63Ng2j1ke9z/U7nbYpywC yOoSKNJ2OR3iWRcOCNTth+8TXY9qIwSTmc74bCmEkV0Y/zSiszRnH1sd6wKVsc6P 3RJGKRYiE36Vsd/2uobRD67L21Eyb5B0tt2DWIlgXZwaHL5JXEh9gF1RE0ehQpEC YWVVkTng3ZA= =8xTf -----END PGP SIGNATURE-----