Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2687
BlackBerry powered by Android Security Bulletin - November 2016
9 November 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BlackBery powered by Android
Publisher: BlackBerry
Operating System: BlackBerry Device
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-7917 CVE-2016-7916 CVE-2016-7915
CVE-2016-7914 CVE-2016-7912 CVE-2016-7911
CVE-2016-7910 CVE-2016-6828 CVE-2016-6753
CVE-2016-6752 CVE-2016-6751 CVE-2016-6750
CVE-2016-6749 CVE-2016-6748 CVE-2016-6745
CVE-2016-6744 CVE-2016-6743 CVE-2016-6742
CVE-2016-6741 CVE-2016-6740 CVE-2016-6739
CVE-2016-6738 CVE-2016-6737 CVE-2016-6729
CVE-2016-6728 CVE-2016-6727 CVE-2016-6725
CVE-2016-6724 CVE-2016-6723 CVE-2016-6722
CVE-2016-6721 CVE-2016-6720 CVE-2016-6719
CVE-2016-6717 CVE-2016-6715 CVE-2016-6714
CVE-2016-6713 CVE-2016-6712 CVE-2016-6711
CVE-2016-6710 CVE-2016-6709 CVE-2016-6707
CVE-2016-6705 CVE-2016-6704 CVE-2016-6703
CVE-2016-6698 CVE-2016-6136 CVE-2016-5300
CVE-2016-5195 CVE-2016-3907 CVE-2016-3906
CVE-2016-3904 CVE-2016-2184 CVE-2016-0718
CVE-2015-8964 CVE-2015-8963 CVE-2015-8962
CVE-2015-8961 CVE-2015-1283 CVE-2014-9675
CVE-2012-6702
Original Bulletin:
http://support.blackberry.com/kb/articleDetail?articleNumber=000038666
- --------------------------BEGIN INCLUDED TEXT--------------------
BlackBerry powered by Android Security Bulletin - November 2016
Article Number: 000038666
First Published: November 07, 2016
Last Modified: November 07, 2016
Type: Security Bulletin
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend users update
to the latest available software build.
BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for
a complete list of monthly bulletins. This advisory is in response to the
Android Security Bulletin (November 2016) and addresses issues in that
bulletin that affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
The following vulnerabilities have been remediated in this update:
Elevation of Privilege in Kernel Subsystem
An elevation of privilege vulnerability in the kernel memory management
subsystem could enable a local malicious application to execute arbitrary
code within the context of a privileged process.
CVE-2016-5195
Remote Code Execution Vulnerability in Android Runtime
A remote code execution vulnerability in an Android runtime library could
enable an attacker using a specially crafted payload to execute arbitrary
code in the context of an unprivileged process.
CVE-2016-6703
Elevation of Privilege Vulnerabilities in Mediaserver
Elevation of privilege vulnerabilities in mediaserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
CVE-2016-6704
CVE-2016-6705
Elevation of Privilege Vulnerability in System Server
An elevation of privilege vulnerability in system server could enable a
local malicious application to execute arbitrary code within the context
of a privileged process.
CVE-2016-6707
Information Disclosure Vulnerability in Conscrypt and BoringSSL
An information disclosure vulnerability in Conscrypt and BoringSSL could
enable a man-in-the middle attacker to gain access to sensitive information
if a non-standard cipher suite is used by an application.
CVE-2016-6709
Information Disclosure Vulnerability in Download Manager
An information disclosure vulnerability in the download manager could enable
a local malicious application to bypass operating system protections that
isolate application data from other applications.
CVE-2016-6710
Denial of Service Vulnerabilities in Mediaserver
Remote denial of service vulnerabilities in mediaserver could enable an
attacker to use a specially crafted file to cause a device hang or reboot.
CVE-2016-6711
CVE-2016-6712
CVE-2016-6713
CVE-2016-6714
Elevation of Privilege Vulnerability in Framework APIs
An elevation of privilege vulnerability in the Framework APIs could allow
a local malicious application to record audio without the user's permission.
CVE-2016-6715
Elevation of Privilege Vulnerability in Mediaserver
An elevation of privilege vulnerability in mediaserver could enable a
local malicious application to execute arbitrary code within the context
of a privileged process.
CVE-2016-6717
Elevation of Privilege Vulnerability in Bluetooth
An elevation of privilege vulnerability in the Bluetooth component could
enable a local malicious application to pair with any Bluetooth device
without user consent.
CVE-2016-6719
Information Disclosure Vulnerabilities in Mediaserver
Information disclosure vulnerabilities in mediaserver could enable a local
malicious application to access data outside of its permission levels.
CVE-2016-6720
CVE-2016-6721
CVE-2016-6722
Denial of Service Vulnerability in Proxy Auto Config
A denial of service vulnerability in Proxy Auto Config could enable a remote
attacker to use a specially crafted file to cause a device hang or reboot.
CVE-2016-6723
Denial of Service Vulnerability in Input Manager Service
A denial of service vulnerability in the Input Manager Service could enable
a local malicious application to cause the device to continually reboot.
CVE-2016-6724
Remote Code Execution Vulnerability in Qualcomm GPS Subsystem
A remote code execution vulnerability in the Qualcomm GPS subsystem could
enable a remote attacker to execute arbitrary code within the context of
the kernel.
CVE-2016-6727
Remote Code Execution Vulnerability in Qualcomm Crypto Driver
A remote code execution vulnerability in the Qualcomm crypto driver could
enable a remote attacker to execute arbitrary code within the context of
the kernel.
CVE-2016-6725
Elevation of Privilege Vulnerability in Kernel ION Subsystem
An elevation of privilege vulnerability in the kernel ION subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-6728
Elevation of Privilege Vulnerability in Qualcomm Bootloader
An elevation of privilege vulnerability in the Qualcomm bootloader could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-6729
Elevation of Privilege Vulnerability in Kernel Networking Subsystem
An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within
the context of the kernel.
CVE-2016-6828
Elevation of Privilege Vulnerability in Kernel Sound Subsystem
An elevation of privilege vulnerability in the kernel sound subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-2184
Elevation of Privilege Vulnerabilities in Kernel File System
Elevation of privilege vulnerabilities in the kernel file system could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-7910
CVE-2016-7911
CVE-2015-8961
Elevation of Privilege Vulnerability in Kernel SCSI Driver
An elevation of privilege vulnerability in the kernel SCSI driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2015-8962
Elevation of Privilege Vulnerability in Kernel USB Driver
An elevation of privilege vulnerability in the kernel USB driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-7912
Elevation of Privilege Vulnerability in Kernel ION Subsystem
An elevation of privilege vulnerability in the kernel ION subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-6737
Remote Code Execution Vulnerabilities in Expat
Multiple vulnerabilities exist in the Expat library, the most severe of
which is an elevation of privilege vulnerability in the Expat XML parser,
which could enable an attacker using a specially crafted file to execute
arbitrary code in an unprivileged process.
CVE-2016-0718
CVE-2012-6702
CVE-2016-5300
CVE-2015-1283
Remote Code Execution Vulnerability in Freetype
A remote code execution vulnerability in Freetype could enable a local
malicious application to load a specially crafted font to cause memory
corruption in an unprivileged process.
CVE-2014-9675
Elevation of Privilege Vulnerability in Kernel System-call Auditing Subsystem
An elevation of privilege vulnerability in the kernel system-call auditing
subsystem could enable a local malicious application to disrupt system-call
auditing in the kernel.
CVE-2016-6136
Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver
An elevation of privilege vulnerability in the Qualcomm crypto engine
driver could enable a local malicious application to execute arbitrary
code within the context of the kernel.
CVE-2016-6738
Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver
Elevation of privilege vulnerabilities in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-6739
CVE-2016-6740
CVE-2016-6741
Elevation of Privilege Vulnerability in Qualcomm Bus Driver
An elevation of privilege vulnerability in the Qualcomm bus driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
CVE-2016-3904
Elevation of Privilege Vulnerabilities in Synaptics Touchscreen Driver
Elevation of privilege vulnerabilities in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within
the context of the kernel.
CVE-2016-6742
CVE-2016-6743
CVE-2016-6744
CVE-2016-6745
Elevation of Privilege Vulnerability in Kernel Performance Subsystem
An elevation of privilege vulnerability in the kernel performance subsystem
could enable a local malicious application to execute arbitrary code within
the context of the kernel.
CVE-2015-8963
Information Disclosure Vulnerabilities in Kernel Components
Information disclosure vulnerabilities in kernel components including
the human interface device driver, file system, and Teletype driver,
could enable a local malicious application to access data outside of its
permission levels.
CVE-2016-7914
CVE-2015-8964
CVE-2016-7915
CVE-2016-7916
Information Disclosure Vulnerabilities in Qualcomm Components
Information disclosure vulnerabilities in Qualcomm components including
the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver
could enable a local malicious application to access data outside of its
permission levels.
CVE-2016-6748
CVE-2016-6749
CVE-2016-6750
CVE-2016-3906
CVE-2016-3907
CVE-2016-6698
CVE-2016-6751
CVE-2016-6752
Information Disclosure Vulnerabilities in Kernel Components
Information disclosure vulnerabilities in kernel components, including the
process-grouping subsystem and the networking subsystem, could enable a
local malicious application to access data outside of its permission levels.
CVE-2016-6753
CVE-2016-7917
Available Updates
An updated software version is available immediately for BlackBerry
powered by Android smartphones that have been purchased from
ShopBlackBerry.com. Updated software builds may also be available from
other retailers or carriers, dependent on their deployment schedules.
To identify an up to date software build, navigate to the Settings>About
Phone menu. Look for the following Android security patch level:
November 6, 2016
If your BlackBerry powered by Android smartphone does not have an up-to-date
software build available, please contact your retailer or carrier directly
for security maintenance release availability information.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWCKtKox+lLeg9Ub1AQjIsA/8CuYa3ZRVS5MJC4lEtmqsD7Z/ro0j3BiH
5dyN7ULFOSlI2jYX2wIllOcAFDgNd75FPRkZUzi+X5e706DK0W0Y7/1iAvGuVynp
S7qP5dAR18j42U+p8EJFineAjJv54om0x0sycKRy8W/rv+CbKot6rYFTmlQpJ5n6
Uo2and1gHxih6MA+pSbFQxyy6Gp7UFyR/I0pEnSOpJm36pX73fu/6nZloZJxpbe8
dMTi/8fN+eANBcrOx9XJcSnBD550PkhD0e4k8kSzVzUDT5iHUSCMe94ytaiJdvEF
gpNCOALOiSnha+QnMEZQC6yaUDk9vuPPwe3JjtGsrryn5KgNecGlvBY898Cw7BCb
ngb1irCjXe+FauuHtsinrYMxTJX4P8VhYp6TCoB1BfNDrQHZatfsq91XhcqsXovM
2KQNneFarIgfUdtjGqQZGhadmrBZO1PShBZb6nQZDOQro8xlsvvq/MiS/PYIPZ8a
zjrV/uaPXxYf9845A/LPKS5JHysq81jDLuh3BUKwlj/K9AWlYn1HacdLIPh1re1T
+0TbMruaHhMbo+X2TCncfZdkJ/5cLwEYVso/v/BW5JRz5HHEb7Xdt+6qRbnwEGfh
kxlRL6CYGRHVz889m9t5sDAbn0Gph5DDr8dk6jER/zvqtMvuoqZ1apiuXmQbZJJ5
mxqbsoyw9vc=
=8MCH
-----END PGP SIGNATURE-----