Telus, Bell, and Rogers Roll Out Priv Security Update

IMG_20160104_230151

 

Like the title says, Canadian carriers are pushing out security updates for the Android 5.1.1 OS found on the BlackBerry Priv.

The update is a small 16.1mb file so it takes just a short time to download. That being said, the reboot and install including the optimization of apps takes a good 15 minutes or so.

See below for details of the 5 vulnerabilities fixed in the update, or click here.

Screenshot_2016-01-11-16-16-09

Vulnerabilities Fixed in this Update

The following vulnerabilities have been remediated in this update:

Summary Description CVE
Remote Code Execution Vulnerability in Mediaserver During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
CVE-2015-6636
Elevation of Privilege Vulnerability in Setup Wizard An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. CVE-2015-6643
Elevation of Privilege Vulnerability in Wi-Fi An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity. CVE-2015-5310
Information Disclosure Vulnerability in Bouncy Castle An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information. CVE-2015-6644
Denial of Service Vulnerability in SyncManager A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop. CVE-2015-6645

Canuckvoip

Dave Matthews here. I'm a phone guy by trade supplying VOIP systems for business and industry. BlackBerry devices, playing PRS guitars in my band, golf, and RC flight are my current passions.

Top