BlackBerry Priv Gets Its January Security Update

This month’s security update for the BlackBerry Priv is now out, but it’s not public for all carriers yet. As of now, the new security patch is only available for unlocked smartphones from ShopBlackBerry and certain carriers, with more carriers for it to come to soon.

You can view the tweet below :

If you’re curious about knowing what was patched in the security update, you can find out below :

Remote Code Execution Vulnerability in Mediaserver – During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.

Elevation of Privilege Vulnerability in Setup Wizard – An elevation of privilege vulnerability in the Setup Wizard can enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset.

Elevation of Privilege Vulnerability in Wi-Fi – An elevation of privilege vulnerability in the Wi-Fi component can enable a locally proximate attacker to gain access to Wi-Fi service related information. A device is only vulnerable to this issue while in local proximity.

Information Disclosure Vulnerability in Bouncy Castle – An information disclosure vulnerability in the Bouncy Castle can enable a local malicious application to gain access to user’s private information.

Denial of Service Vulnerability in SyncManager – A denial of service vulnerability in the SyncManager can enable a local malicious application to cause a reboot loop.

Source: Security Bulletin.

Leave a Reply