Apps, BlackBerry Life, Devices, News, PRIV

BlackBerry PRIV February Security Update now available

The BlackBerry Priv is now receiving its February security patch. At this time, it is not clear exactly what has been patched or changed with this build, though we expect Google to reveal details about the update shortly. BlackBerry has done an excellent job so far in pushing timely security patches to the Priv. The update is pushing out now, and will likely hit unlocked smartphones purchased from ShopBlackBerry, then carrier variants.

If you own a Priv and are not yet seeing the update, you can check manually by heading into your Settings, About phone and checking for it there.

Update Version : AAD444

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerabilities in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
Denial of Service Vulnerability in Minikin A denial of service vulnerability in the Minikin library can allow a local attacker to temporarily block access to an affected device. An attacker can cause an untrusted font to be loaded and cause an integer overflow in the Minikin component, which leads to a crash. CVE-2016-0808
Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver can enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-0810
Factory Reset Protection Bypass Vulnerabilities in Setup Wizard Vulnerabilities in the Setup Wizard could allow a malicious attacker to bypass the Factory Reset Protection and gain access to the device. CVE-2016-0812


Tagged , , , , ,

About ian Fraser

Blackberry Admin Cloud and Storage Consultant Function DJ Hardware Engineer
View all posts by ian Fraser →

Leave a Reply