===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2855
      BlackBerry powered by Android Security Bulletin - November 2017
                              9 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry
Publisher:         BlackBerry
Operating System:  BlackBerry Device
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-11093 CVE-2017-11092 CVE-2017-11091
                   CVE-2017-11090 CVE-2017-11089 CVE-2017-11085
                   CVE-2017-11073 CVE-2017-11058 CVE-2017-11038
                   CVE-2017-11035 CVE-2017-11032 CVE-2017-11029
                   CVE-2017-11028 CVE-2017-11027 CVE-2017-11026
                   CVE-2017-11025 CVE-2017-11024 CVE-2017-11023
                   CVE-2017-11022 CVE-2017-11017 CVE-2017-11015
                   CVE-2017-11013 CVE-2017-9721 CVE-2017-9719
                   CVE-2017-9702 CVE-2017-9701 CVE-2017-9696
                   CVE-2017-9690 CVE-2017-8279 CVE-2017-6001
                   CVE-2017-1160 CVE-2017-0862 CVE-2017-0861
                   CVE-2017-0860 CVE-2017-0858 CVE-2017-0857
                   CVE-2017-0854 CVE-2017-0853 CVE-2017-0851
                   CVE-2017-0850 CVE-2017-0849 CVE-2017-0848
                   CVE-2017-0845 CVE-2017-0842 CVE-2017-0841
                   CVE-2017-0840 CVE-2017-0839 CVE-2017-0838
                   CVE-2017-0836 CVE-2017-0835 CVE-2017-0834
                   CVE-2017-0833 CVE-2017-0832 CVE-2017-0830
                   CVE-2017-0427

Reference:         ASB-2017.0190
                   ESB-2017.2233
                   ESB-2017.1208
                   ESB-2017.0405

Original Bulletin:
   http://support.blackberry.com/kb/articleDetail?articleNumber=000046592

--------------------------BEGIN INCLUDED TEXT--------------------

BlackBerry powered by Android Security Bulletin - November 2017

Article Number:   000046592
First Published:  November 08, 2017
Last Modified:    November 08, 2017
Type:             Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple
vulnerabilities in BlackBerry powered by Android smartphones. We recommend
users update to the latest available software build.

BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for a
complete list of monthly bulletins. This advisory is in response to the
Android Security Bulletin (November 2017) and addresses issues in that
bulletin that affect BlackBerry powered by Android smartphones.

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary                                                  CVE
Elevation of Privilege in Device Check-in                CVE-2017-0830
Remote Code Execution in Media Framework                 CVE-2017-0832
Remote Code Execution in Media Framework                 CVE-2017-0833
Remote Code Execution in Media Framework                 CVE-2017-0834
Remote Code Execution in Media Framework                 CVE-2017-0835
Remote Code Execution in Media Framework                 CVE-2017-0836
Elevation of Privilege in Media Framework                CVE-2017-0838
Information Disclosure in Media Framework                CVE-2017-0839
Information Disclosure in Media Framework                CVE-2017-0840
Remote Code Execution in Libutils                        CVE-2017-0841
Elevation of Privilege in Bluetooth                      CVE-2017-0842
Remote Code Execution in Qualcomm WLAN                   CVE-2017-11013
Remote Code Execution in Qualcomm WLAN                   CVE-2017-11015
Elevation of Privilege in Qualcomm GPU Driver            CVE-2017-11092
Elevation of Privilege in Qualcomm QBT1000 Driver        CVE-2017-9690
Elevation of Privilege in Qualcomm Linux Boot            CVE-2017-11017
Information Disclosure in Qualcomm Camera                CVE-2017-11028
Elevation of Privilege in Update: General kernel         CVE-2017-0427
Denial of Service in SyncStorageEngine                   CVE-2017-0845
Information Disclosure in Media Framework                CVE-2017-0848
Information Disclosure in Media Framework                CVE-2017-0849
Information Disclosure in Media Framework                CVE-2017-0850
Information Disclosure in Media Framework                CVE-2017-0851
Denial of Service in Media Framework                     CVE-2017-0853
Denial of Service in Media Framework                     CVE-2017-0854
Denial of Service in Media Framework                     CVE-2017-0857
Denial of Service in Media Framework                     CVE-2017-0858
Elevation of Privilege in InputDispatcher                CVE-2017-0860
Elevation of Privilege in Core Kernel                    CVE-2017-6001
Elevation of Privilege in Kernel Audio Driver            CVE-2017-0861
Elevation of Privilege in Kernel                         CVE-2017-0862
Elevation of Privilege in Kernel Networking Subsystem    CVE-2017-1160
Elevation of Privilege in Qualcomm Networking Subsystem  CVE-2017-11073
Elevation of Privilege in Qualcomm WLAN                  CVE-2017-11035
Elevation of Privilege in Qualcomm Audio                 CVE-2017-11085
Elevation of Privilege in Qualcomm Video Driver          CVE-2017-11091
Elevation of Privilege in Qualcomm Linux Boot            CVE-2017-11026
Elevation of Privilege in Qualcomm Memory Subsystem      CVE-2017-11038
Elevation of Privilege in Qualcomm Linux Kernel          CVE-2017-11032
Elevation of Privilege in Qualcomm Display               CVE-2017-9719
Elevation of Privilege in Qualcomm Wired connectivity    CVE-2017-11024
Elevation of Privilege in Qualcomm ASDL                  CVE-2017-11025
Elevation of Privilege in Qualcomm Services              CVE-2017-11023
Elevation of Privilege in Qualcomm Camera                CVE-2017-11029
Elevation of Privilege in Qualcomm Display               CVE-2017-9721
Elevation of Privilege in Qualcomm Camera                CVE-2017-9702
Information Disclosure in Qualcomm WLAN                  CVE-2017-11089
Information Disclosure in Qualcomm WLAN                  CVE-2017-11090
Information Disclosure in Qualcomm HDMI                  CVE-2017-11093
Information Disclosure in Qualcomm Services              CVE-2017-8279
Information Disclosure in Qualcomm Kernel                CVE-2017-9696
Information Disclosure in Qualcomm WLAN                  CVE-2017-11058
Information Disclosure in Qualcomm WLAN                  CVE-2017-11022
Information Disclosure in Qualcomm Linux Boot            CVE-2017-9701
Information Disclosure in Qualcomm Linux Boot            CVE-2017-11027

Available Updates

BlackBerry is making an updated software version available for BlackBerry
powered by Android smartphones that have been purchased from
ShopBlackBerry.com. Updated software builds may also be available from
other retailers or carriers, dependent on their deployment schedules.

To identify an up to date software build, navigate to the Settings>About
Phone menu. Look for the following Android security patch level:

  o November 6, 2017 or later

If your BlackBerry powered by Android smartphone does not have an
up-to-date software build available, please contact your retailer or
carrier directly for security maintenance release availability information.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================