Summary of impact on BlackBerry products
BlackBerry powered by Android smartphones
BlackBerry investigated the impact to its products and determined that BlackBerry powered by Android smartphones are affected by the following vulnerabilities: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.
An updated software build to remediate these issues has been included in BlackBerry powered by Android builds identified by the Build numbers AAQ280, AAQ281, or AAQ289.
- For customers with BlackBerry powered by Android smartphones purchased through ShopBlackBerry.com, BlackBerry has begun making the fix available and will continue to deploy builds as they become available.
- For customers with BlackBerry powered by Android smartphones not purchased directly from BlackBerry, please consult your carrier or licensed manufacturer.
BlackBerry Enterprise products
Our enterprise solutions, including BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces do not assume that the network used to carry the data is trustworthy, and therefore a weakness in the Wi-Fi protocol used as part of that network does not impact these solutions. Further, communication between UEM and devices is protected by additional layers of encryption. Please see Protecting data in transit in the BlackBerry UEM Security Note.
Actions for customers
BlackBerry recommends that all users of BlackBerry powered by Android smartphones should update to a build that contains the fix, as identified above, as soon as it is available. There is no action necessary for users of BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces.