BlackBerry have promised to deliver security patches on a monthly basis for their Android smartphones and so far they are keeping good on that promise.
The company has today rolled out the February 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.
The following vulnerabilities have been remediated in this update:
Summary Description CVE Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. CVE-2017-0407 Remote Code Execution Vulnerability in libstagefright A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. CVE-2017-0409 Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0410 Elevation of Privilege Vulnerability in Mediaserver An elevation of privilege vulnerability in mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0415 Elevation of Privilege Vulnerabilities in Audioserver Elevation of privilege vulnerabilities in audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2017-0416 CVE-2017-0417 CVE-2017-0418 CVE-2017-0419 Information Disclosure Vulnerabilities in AOSP Messaging Information disclosure vulnerabilities in AOSP messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0413 CVE-2017-0414 Information Disclosure Vulnerability in Framework APIs An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2017-0421 Denial of Service Vulnerability in Bionic DNS A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. CVE-2017-0422 Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. CVE-2017-0423 Information Disclosure Vulnerability in AOSP Messaging An information disclosure vulnerability in AOSP messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. CVE-2017-0424 Information Disclosure Vulnerability in Audioserver An information disclosure vulnerability in audioserver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0425 Remote Code Execution Vulnerability in Qualcomm Crypto Driver A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. CVE-2016-8418 Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0427 Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0430 Vulnerability in Qualcomm Components A denial of service vulnerability caused by improper data validation on DES3 object and DsaSignDigest in GP library operations. CVE-2017-0431 Elevation of Privilege Vulnerability in Qualcomm Secure Execution Environment Communicator Driver An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8480 Elevation of Privilege Vulnerabilities in Qualcomm Sound Driver Elevation of privilege vulnerabilities in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-8481 CVE-2017-0435 CVE-2017-0436 Elevation of Privilege Vulnerabilities in Qualcomm Wi-Fi Driver Elevation of privilege vulnerabilities in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0437 CVE-2017-0438 CVE-2017-0439 CVE-2016-8419 CVE-2016-8420 CVE-2016-8421 CVE-2017-0440 CVE-2017-0441 CVE-2017-0442 CVE-2017-0443 CVE-2016-8476 Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2017-0449 Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to bypass protections that prevent an escalation of privileges. CVE-2016-10044 Information Disclosure Vulnerability in Qualcomm Secure Execution Environment Communicator An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. CVE-2016-8414 Information Disclosure Vulnerability in Qualcomm Sound Driver An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. CVE-2017-0451If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates and checking manually. Look for the following Android security patch level: February 5, 2017.
Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.
