Latest Blackberry Priv Update Addresses A Security Problem By Upgrading To Newer Android/Linux Kernel
Blackberry has released an update for their Blackberry Priv smartphone that upgrades it to newer Android/Linux kernel to address a recently discovered security issue. A recent discovery showed that the Android / Linux kernel was vulnerable to a specific attack that grants the attacker locally elevated privileges. According to Blackberry, once you installed this latest update, you "will be fully protected from this vulnerability".
This advisory addresses an industry-wide elevation of privilege vulnerability that is not currently being exploited against, but affects, BlackBerry® PRIV smartphones. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction. Successful exploitation requires an attacker craft a malicious application (app) and that a user install the malicious app. If the requirements are met for exploitation, an attacker could potentially gain locally elevated privileges. After installing the recommended software update, affected customers will be fully protected from this vulnerability.
An elevation of privilege vulnerability exists in the shared Android/Linux kernel used in affected versions of BlackBerry PRIV smartphones. The kernel constitutes the central core of the smartphone's operating system.
Successful exploitation of this vulnerability could result in an attacker gaining elevated privileges on the smartphone.
In order to exploit this vulnerability, an attacker must craft a malicious app. The attacker must then persuade a user to download and install the malicious app.
This vulnerability has a Common Vulnerability Scoring System (CVSSv2) score of 6.9. View the linked Common Vulnerability and Exposures (CVE) identifiers for a description of the security issue that this security advisory addresses.
CVE identifier - CVSSv2 score
CVE-2015-1805 - 6.9
Priv owners, who purchased their device from ShopBlackBerry.com, should see the update popping up on their phone. If you are not yet noticing the update, you can head into "Settings", "About phone" and check manually for the update.