Number: AV16-058
Date: 6 April 2016
Purpose
The purpose of this advisory is to bring attention to a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.
Assessment
The Blackberry powered by Android Security Bulletin addresses a security update for 26 vulnerabilities that could potentially enable remote code execution, elevation of privilege and data access on affected devices.
CVE References: CVE-2015-1805, CVE-2016-0837, CVE-2016-0838, CVE-2016-0841, CVE-2016-0844, CVE-2016-0846, CVE-2016-0847, CVE-2016-0848, CVE-2016-0849, CVE-2016-0850, CVE-2016-1503, CVE-2016-2410, CVE-2016-2411, CVE-2016-2412,CVE-2016-2413, CVE-2016-2414, CVE-2016-2415, CVE-2016-2416, CVE-2016-2417, CVE-2016-2421, CVE-2016-2422, CVE-2016-2423, CVE-2016-2424, CVE-2016-2426, CVE-2016-2427
Suggested Action
An updated software version is available immediately for BlackBerry Powered by Android smartphones that have been purchased from ShopBlackBerry.com. The updated software version can be identified with the build ID ‘Build AAE298’. If your devices were purchased from a source other than ShopBlackBerry.com, contact that retailer or carrier directly for security maintenance release availability information.
References:
http://support.blackberry.com/kb/articleDetail?articleNumber=000038099