Prime Inspiration

Latest Blackberry Priv Update Addresses A Security Problem By Upgrading To Newer Android/Linux Kernel

by

Raja Rajan
in
BlackBerry Priv
BlackBerry Priv

Blackberry has released an update for their Blackberry Priv smartphone that upgrades it to newer Android/Linux kernel to address a recently discovered security issue. A recent discovery showed that the Android / Linux kernel was vulnerable to a specific attack that grants the attacker locally elevated privileges. According to Blackberry, once you installed this latest update, you “will be fully protected from this vulnerability”.

This advisory addresses an industry-wide elevation of privilege vulnerability that is not currently being exploited against, but affects, BlackBerry® PRIV smartphones. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction. Successful exploitation requires an attacker craft a malicious application (app) and that a user install the malicious app. If the requirements are met for exploitation, an attacker could potentially gain locally elevated privileges. After installing the recommended software update, affected customers will be fully protected from this vulnerability.

Vulnerability Information

An elevation of privilege vulnerability exists in the shared Android/Linux kernel used in affected versions of BlackBerry PRIV smartphones. The kernel constitutes the central core of the smartphone’s operating system. 

Successful exploitation of this vulnerability could result in an attacker gaining elevated privileges on the smartphone.

In order to exploit this vulnerability, an attacker must craft a malicious app. The attacker must then persuade a user to download and install the malicious app.

This vulnerability has a Common Vulnerability Scoring System (CVSSv2) score of 6.9. View the linked Common Vulnerability and Exposures (CVE) identifiers for a description of the security issue that this security advisory addresses.

CVE identifier – CVSSv2 score

CVE-2015-1805 – 6.9

Priv owners, who purchased their device from ShopBlackBerry.com, should see the update popping up on their phone. If you are not yet noticing the update, you can head into “Settings”, “About phone” and check manually for the update.

Source: Blackberry

Tags:

, , ,
Raja Rajan Avatar
Raja Rajan
Raja has been obsessed with technology and Cricket for as long as he can remember. Nowadays, he works as a freelance developer and writer for PrimeInspiration.com

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter

Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading