
BlackBerry releases April 2017 Android Security Update for BlackBerry Android devices

BlackBerry has today rolled out the April 2017 Android Security update to Android devices that have been purchased from ShopBlackBerry.com.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes.

Google have made two security patches available and, as always, BlackBerry have incorporated the latest patch – April 5, 2017.

The following vulnerabilities have been remediated in this update:

| Summary | Description | CVE |
| --- | --- | --- |
| Remote code execution vulnerability in Mediaserver | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, CVE-2017-0542, CVE-2017-0543 |
| Elevation of privilege vulnerability in CameraBase | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. | CVE-2017-0544 |
| Elevation of privilege vulnerability in Audioserver | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0545 |
| Elevation of privilege vulnerability in SurfaceFlinger | An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. | CVE-2017-0546 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0547 |
| Denial of service vulnerability in Mediaserver | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552 |
| Elevation of privilege vulnerability in libnl | An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. | CVE-2017-0553 |
| Elevation of privilege vulnerability in Telephony | An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. | CVE-2017-0554 |
| Information disclosure vulnerability in Mediaserver | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558 |
| Information disclosure vulnerability in libskia | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0559 |
| Information disclosure vulnerability in Factory Reset | An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. | CVE-2017-0560 |
| Remote code execution vulnerability in Broadcom Wi-Fi firmware | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | CVE-2017-0561 |
| Remote code execution vulnerability in Qualcomm crypto engine driver | A remote code execution vulnerability in the Qualcomm crypto engine driver could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10230 |
| Remote code execution vulnerability in kernel networking subsystem | A remote code execution vulnerability in the kernel networking subsystem could enable a remote attacker to execute arbitrary code within the context of the kernel. | CVE-2016-10229 |
| Elevation of privilege vulnerability in kernel ION subsystem | An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0564 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components. | CVE-2016-10237, CVE-2016-10238, CVE-2016-10239 |
| Remote code execution vulnerability in Freetype | A remote code execution vulnerability in Freetype could enable a local malicious application to load a specially crafted font to cause memory corruption in an unprivileged process. | CVE-2016-10244 |
| Elevation of privilege vulnerability in kernel sound subsystem | An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-4656 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0575 |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0576 |
| Elevation of privilege vulnerability in DTS sound driver | An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0578 |
| Elevation of privilege vulnerability in Qualcomm sound codec driver | An elevation of privilege vulnerability in the Qualcomm sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-10231 |
| Elevation of privilege vulnerability in Qualcomm video driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0579, CVE-2016-10232, CVE-2016-10233 |
| Elevation of privilege vulnerability in Qualcomm Seemp driver | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-0462 |
| Elevation of privilege vulnerability in Qualcomm Kyro L2 driver | An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6423 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2014-9922 |
| Information disclosure vulnerability in kernel networking subsystem | An information disclosure vulnerability in the kernel networking subsystem could enable a local malicious application to access data outside of its permission levels. | CVE-2014-3145 |
| Information disclosure vulnerability in Qualcomm IPA driver | An information disclosure vulnerability in the Qualcomm IPA driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10234 |
| Denial of service vulnerability in Qualcomm Wi-Fi driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. | CVE-2016-10235 |
| Elevation of privilege vulnerability in kernel file system | An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code outside of its permission levels. | CVE-2016-7097 |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2017-6424 |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | CVE-2016-8465 |
| Information disclosure vulnerability in kernel media driver | An information disclosure vulnerability in the kernel media driver could enable a local malicious application to access data outside of its permission levels. | CVE-2014-1739 |
| Information disclosure vulnerability in Qualcomm Wi-Fi driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0584 |
| Information disclosure vulnerability in Broadcom Wi-Fi driver | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0585 |
| Information disclosure vulnerability in Qualcomm Avtimer driver | An information disclosure vulnerability in the Qualcomm Avtimer driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-5346 |
| Information disclosure vulnerability in Qualcomm video driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6425 |
| Information disclosure vulnerability in Qualcomm USB driver | An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. | CVE-2016-10236 |
| Information disclosure vulnerability in Qualcomm sound driver | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-0586 |
| Information disclosure vulnerability in Qualcomm SPMI driver | An information disclosure vulnerability in the Qualcomm SPMI driver could enable a local malicious application to access data outside of its permission levels. | CVE-2017-6426 |
| Vulnerabilities in Qualcomm components | Multiple vulnerabilities in Qualcomm components. | CVE-2014-9937, CVE-2014-9934 |

If you own an Android device from BlackBerry and are not seeing the system update message, you can check manually by heading into Settings -> About phone -> System updates. Look for the following Android security patch level: April 5, 2017.

Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.