Devices, PRIV

BlackBerry PRIV January Update – Build AAD250

A Happy New Year to all our BlackBerry friends and family.

Its only the 4th January 2016 and the work has started already.

First up is the PRIV receiving its 1st Android Update of the New Year.

It is only 16Mb this month but update 102 Apps on the phone.

This update has already been rolled out in parts of the world

so you may already have it : Build AAD250

Update Details:

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
Elevation of Privilege Vulnerability in Setup Wizard An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. CVE-2015-6643
Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity. CVE-2015-5310
Information Disclosure Vulnerability in Bouncy Castle An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information. CVE-2015-6644
Denial of Service Vulnerability in SyncManager A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop.

Google is addressing escalation vulnerabilities in Bluetooth, Kernel, Setup Wizard, Wifi, Trustzone, Imagination Technologies Driver, and misc-sd driver.

Tagged , , , , , ,

About ian Fraser

Blackberry Admin Cloud and Storage Consultant Function DJ Hardware Engineer
View all posts by ian Fraser →

1 thought on “BlackBerry PRIV January Update – Build AAD250

Leave a Reply