Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2687 BlackBerry powered by Android Security Bulletin - November 2016 9 November 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BlackBery powered by Android Publisher: BlackBerry Operating System: BlackBerry Device Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-7917 CVE-2016-7916 CVE-2016-7915 CVE-2016-7914 CVE-2016-7912 CVE-2016-7911 CVE-2016-7910 CVE-2016-6828 CVE-2016-6753 CVE-2016-6752 CVE-2016-6751 CVE-2016-6750 CVE-2016-6749 CVE-2016-6748 CVE-2016-6745 CVE-2016-6744 CVE-2016-6743 CVE-2016-6742 CVE-2016-6741 CVE-2016-6740 CVE-2016-6739 CVE-2016-6738 CVE-2016-6737 CVE-2016-6729 CVE-2016-6728 CVE-2016-6727 CVE-2016-6725 CVE-2016-6724 CVE-2016-6723 CVE-2016-6722 CVE-2016-6721 CVE-2016-6720 CVE-2016-6719 CVE-2016-6717 CVE-2016-6715 CVE-2016-6714 CVE-2016-6713 CVE-2016-6712 CVE-2016-6711 CVE-2016-6710 CVE-2016-6709 CVE-2016-6707 CVE-2016-6705 CVE-2016-6704 CVE-2016-6703 CVE-2016-6698 CVE-2016-6136 CVE-2016-5300 CVE-2016-5195 CVE-2016-3907 CVE-2016-3906 CVE-2016-3904 CVE-2016-2184 CVE-2016-0718 CVE-2015-8964 CVE-2015-8963 CVE-2015-8962 CVE-2015-8961 CVE-2015-1283 CVE-2014-9675 CVE-2012-6702 Original Bulletin: http://support.blackberry.com/kb/articleDetail?articleNumber=000038666 - --------------------------BEGIN INCLUDED TEXT-------------------- BlackBerry powered by Android Security Bulletin - November 2016 Article Number: 000038666 First Published: November 07, 2016 Last Modified: November 07, 2016 Type: Security Bulletin Purpose of this Bulletin BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (November 2016) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones. Vulnerabilities Fixed in this Update The following vulnerabilities have been remediated in this update: Elevation of Privilege in Kernel Subsystem An elevation of privilege vulnerability in the kernel memory management subsystem could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-5195 Remote Code Execution Vulnerability in Android Runtime A remote code execution vulnerability in an Android runtime library could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. CVE-2016-6703 Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-6704 CVE-2016-6705 Elevation of Privilege Vulnerability in System Server An elevation of privilege vulnerability in system server could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-6707 Information Disclosure Vulnerability in Conscrypt and BoringSSL An information disclosure vulnerability in Conscrypt and BoringSSL could enable a man-in-the middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. CVE-2016-6709 Information Disclosure Vulnerability in Download Manager An information disclosure vulnerability in the download manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2016-6710 Denial of Service Vulnerabilities in Mediaserver Remote denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-6711 CVE-2016-6712 CVE-2016-6713 CVE-2016-6714 Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the Framework APIs could allow a local malicious application to record audio without the user's permission. CVE-2016-6715 Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-6717 Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in the Bluetooth component could enable a local malicious application to pair with any Bluetooth device without user consent. CVE-2016-6719 Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver could enable a local malicious application to access data outside of its permission levels. CVE-2016-6720 CVE-2016-6721 CVE-2016-6722 Denial of Service Vulnerability in Proxy Auto Config A denial of service vulnerability in Proxy Auto Config could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-6723 Denial of Service Vulnerability in Input Manager Service A denial of service vulnerability in the Input Manager Service could enable a local malicious application to cause the device to continually reboot. CVE-2016-6724 Remote Code Execution Vulnerability in Qualcomm GPS Subsystem A remote code execution vulnerability in the Qualcomm GPS subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-6727 Remote Code Execution Vulnerability in Qualcomm Crypto Driver A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-6725 Elevation of Privilege Vulnerability in Kernel ION Subsystem An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6728 Elevation of Privilege Vulnerability in Qualcomm Bootloader An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6729 Elevation of Privilege Vulnerability in Kernel Networking Subsystem An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6828 Elevation of Privilege Vulnerability in Kernel Sound Subsystem An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2184 Elevation of Privilege Vulnerabilities in Kernel File System Elevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-7910 CVE-2016-7911 CVE-2015-8961 Elevation of Privilege Vulnerability in Kernel SCSI Driver An elevation of privilege vulnerability in the kernel SCSI driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-8962 Elevation of Privilege Vulnerability in Kernel USB Driver An elevation of privilege vulnerability in the kernel USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-7912 Elevation of Privilege Vulnerability in Kernel ION Subsystem An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6737 Remote Code Execution Vulnerabilities in Expat Multiple vulnerabilities exist in the Expat library, the most severe of which is an elevation of privilege vulnerability in the Expat XML parser, which could enable an attacker using a specially crafted file to execute arbitrary code in an unprivileged process. CVE-2016-0718 CVE-2012-6702 CVE-2016-5300 CVE-2015-1283 Remote Code Execution Vulnerability in Freetype A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process. CVE-2014-9675 Elevation of Privilege Vulnerability in Kernel System-call Auditing Subsystem An elevation of privilege vulnerability in the kernel system-call auditing subsystem could enable a local malicious application to disrupt system-call auditing in the kernel. CVE-2016-6136 Elevation of Privilege Vulnerability in Qualcomm Crypto Engine Driver An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6738 Elevation of Privilege Vulnerabilities in Qualcomm Camera Driver Elevation of privilege vulnerabilities in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6739 CVE-2016-6740 CVE-2016-6741 Elevation of Privilege Vulnerability in Qualcomm Bus Driver An elevation of privilege vulnerability in the Qualcomm bus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3904 Elevation of Privilege Vulnerabilities in Synaptics Touchscreen Driver Elevation of privilege vulnerabilities in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-6742 CVE-2016-6743 CVE-2016-6744 CVE-2016-6745 Elevation of Privilege Vulnerability in Kernel Performance Subsystem An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-8963 Information Disclosure Vulnerabilities in Kernel Components Information disclosure vulnerabilities in kernel components including the human interface device driver, file system, and Teletype driver, could enable a local malicious application to access data outside of its permission levels. CVE-2016-7914 CVE-2015-8964 CVE-2016-7915 CVE-2016-7916 Information Disclosure Vulnerabilities in Qualcomm Components Information disclosure vulnerabilities in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-6748 CVE-2016-6749 CVE-2016-6750 CVE-2016-3906 CVE-2016-3907 CVE-2016-6698 CVE-2016-6751 CVE-2016-6752 Information Disclosure Vulnerabilities in Kernel Components Information disclosure vulnerabilities in kernel components, including the process-grouping subsystem and the networking subsystem, could enable a local malicious application to access data outside of its permission levels. CVE-2016-6753 CVE-2016-7917 Available Updates An updated software version is available immediately for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules. To identify an up to date software build, navigate to the Settings>About Phone menu. Look for the following Android security patch level: November 6, 2016 If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWCKtKox+lLeg9Ub1AQjIsA/8CuYa3ZRVS5MJC4lEtmqsD7Z/ro0j3BiH 5dyN7ULFOSlI2jYX2wIllOcAFDgNd75FPRkZUzi+X5e706DK0W0Y7/1iAvGuVynp S7qP5dAR18j42U+p8EJFineAjJv54om0x0sycKRy8W/rv+CbKot6rYFTmlQpJ5n6 Uo2and1gHxih6MA+pSbFQxyy6Gp7UFyR/I0pEnSOpJm36pX73fu/6nZloZJxpbe8 dMTi/8fN+eANBcrOx9XJcSnBD550PkhD0e4k8kSzVzUDT5iHUSCMe94ytaiJdvEF gpNCOALOiSnha+QnMEZQC6yaUDk9vuPPwe3JjtGsrryn5KgNecGlvBY898Cw7BCb ngb1irCjXe+FauuHtsinrYMxTJX4P8VhYp6TCoB1BfNDrQHZatfsq91XhcqsXovM 2KQNneFarIgfUdtjGqQZGhadmrBZO1PShBZb6nQZDOQro8xlsvvq/MiS/PYIPZ8a zjrV/uaPXxYf9845A/LPKS5JHysq81jDLuh3BUKwlj/K9AWlYn1HacdLIPh1re1T +0TbMruaHhMbo+X2TCncfZdkJ/5cLwEYVso/v/BW5JRz5HHEb7Xdt+6qRbnwEGfh kxlRL6CYGRHVz889m9t5sDAbn0Gph5DDr8dk6jER/zvqtMvuoqZ1apiuXmQbZJJ5 mxqbsoyw9vc= =8MCH -----END PGP SIGNATURE-----