===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0855
         BlackBerry Powered by Android Security Bulletin April 2016
                                6 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry powered by Android
Publisher:         BlackBerry
Operating System:  Android
                   BlackBerry Device
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2427 CVE-2016-2426 CVE-2016-2424
                   CVE-2016-2423 CVE-2016-2422 CVE-2016-2421
                   CVE-2016-2417 CVE-2016-2416 CVE-2016-2415
                   CVE-2016-2414 CVE-2016-2413 CVE-2016-2412
                   CVE-2016-2411 CVE-2016-2410 CVE-2016-1503
                   CVE-2016-0850 CVE-2016-0849 CVE-2016-0848
                   CVE-2016-0847 CVE-2016-0846 CVE-2016-0844
                   CVE-2016-0841 CVE-2016-0838 CVE-2016-0837
                   CVE-2015-1805

Reference:         ESB-2016.0777
                   ESB-2015.1440
                   ASB-2016.0034

Original Bulletin:
   http://support.blackberry.com/kb/articleDetail?articleNumber=000038099

--------------------------BEGIN INCLUDED TEXT--------------------

BlackBerry Powered by Android Security Bulletin April 2016

Article Number: 000038099
First Published: April 04, 2016
Last Modified: April 04, 2016
Type: Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple
vulnerabilities in BlackBerry powered by Android smartphones. We recommend
users update to the latest available build, as outlined in the Available
Updates section.

BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for a
complete list of monthly bulletins. This advisory is in response to the
Nexus Security Bulletin (April 2016) and addresses issues in that bulletin
that affect BlackBerry powered by Android smartphones.

Vulnerabilities Fixed in this Update

CVE-2016-1503: Remote Code Execution Vulnerability in DHCPD
A vulnerability in the Dynamic Host Configuration Protocol service could
enable an attacker to cause memory corruption, which could lead to remote
code execution.

CVE-2016-0837, CVE-2016-0838, CVE-2016-0841: Remote Code Execution
Vulnerabilities in Mediaserver
During media file and data processing of a specially crafted file,
vulnerabilities in mediaserver could allow an attacker to cause memory
corruption and remote code execution as the mediaserver process. The
affected functionality is provided as a core part of the operating system
and there are multiple applications that allow it to be reached with remote
content, most notably MMS and browser playback of media.

CVE-2016-0844: Elevation of Privilege Vulnerability in Qualcomm RF component
A vulnerability in the Qualcomm RF driver could enable a local malicious
application to execute arbitrary code within the context of the kernel.

CVE-2016-0846: Elevation of Privilege Vulnerability in IMemory Native
Interface
An elevation of privilege vulnerability in the IMemory Native Interface
could enable a local malicious application to execute arbitrary code within
the context of an elevated system application.

CVE-2016-0847: Elevation of Privilege Vulnerability in Telecom Component
An elevation of privilege vulnerability in the Telecom Component could
enable an attacker to spoof calls to appear from any arbitrary number.

CVE-2016-0848: Elevation of Privilege Vulnerability in Download Manager
An elevation of privilege vulnerability in the Download Manager could enable
an attacker to gain access to unauthorized files in private storage.

CVE-2016-0849: Elevation of Privilege Vulnerability in Recovery Procedure
An elevation of privilege vulnerability in the Recovery Procedure could
enable a local malicious application to execute arbitrary code within the
context of an elevated system application.

CVE-2016-0850: Elevation of Privilege Vulnerability in Bluetooth
An elevation of privilege vulnerability in Bluetooth could enable an
untrusted device to pair with the phone during the initial pairing process.
This could lead to unauthorized access of the device resources, such as the
Internet Connection.

CVE-2016-2410: Elevation of Privilege Vulnerability in a Qualcomm Video
Kernel Driver
An elevation of privilege vulnerability in a Qualcomm video kernel driver
could enable a local malicious application to execute arbitrary code within
the context of the kernel.

CVE-2016-2411: Elevation of Privilege Vulnerability in Qualcomm Power
Management component
An elevation of privilege vulnerability in a Qualcomm Power Management
kernel driver could enable a local malicious application to execute
arbitrary code within the context of the kernel.

CVE-2016-2412: Elevation of Privilege Vulnerability in System_server
An elevation of privilege vulnerability in System_server could enable a
local malicious application to execute arbitrary code within the context of
an elevated system application.

CVE-2016-2413: Elevation of Privilege Vulnerability in Mediaserver
An elevation of privilege vulnerability in mediaserver could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.

CVE-2016-2414: Denial of Service Vulnerability in Minikin
A denial of service vulnerability in the Minikin library could allow a local
attacker to temporarily block access to an affected device. An attacker
could cause an untrusted font to be loaded and cause an overflow in the
Minikin component which leads to a crash.

CVE-2016-2415: Information Disclosure Vulnerability in Exchange ActiveSync
An information disclosure vulnerability in Exchange ActiveSync could enable
a local malicious application to gain access to user's private information.

CVE-2016-2416, CVE-2016-2417: Information Disclosure Vulnerabilities in
Mediaserver
Information disclosure vulnerabilities in mediaserver could permit a bypass
of security measures in place to increase the difficulty of attackers
exploiting the platform.

CVE-2016-2421: Elevation of Privilege Vulnerability in Setup Wizard
A vulnerability in the Setup Wizard could allow a malicious attacker to
bypass the Factory Reset Protection and gain access to the device.

CVE-2016-2422: Elevation of Privilege Vulnerability in Wi-Fi
An elevation of privilege vulnerability in Wi-Fi could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.

CVE-2016-2423: Elevation of Privilege Vulnerability in Telephony
A vulnerability in Telephony could allow a malicious attacker to bypass the
Factory Reset Protection and gain access to the device.

CVE-2016-2424: Denial of Service Vulnerability in SyncStorageEngine
A denial of service vulnerability in the SyncStorageEngine could enable a
local malicious application to cause a reboot loop.

CVE-2016-2426: Information Disclosure Vulnerability in Framework
An information disclosure vulnerability in the Framework component could
allow an application to access sensitive information.

CVE-2016-2427: Information Disclosure Vulnerability in BouncyCastle
An information disclosure vulnerability in BouncyCastle could allow an
authentication key to be leaked.

CVE-2015-1805: Elevation of Privilege Vulnerability in the Kernel
An elevation of privilege vulnerability in the kernel could enable a local
malicious application to execute arbitrary code within the context of the
kernel.

Available Updates

An updated software version is available immediately for BlackBerry Powered
by Android smartphones that have been purchased from ShopBlackBerry.com.
The updated software version can be identified with the following build ID:

Build AAE298

If your BlackBerry Powered by Android smartphone was purchased from a source
other than ShopBlackBerry.com, please contact that retailer or carrier
directly for security maintenance release availability information.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================