Yesterday night, BlackBerry has started to roll out the first update for 2016. The January update, for the BlackBerry Priv is a security patch for the OS rather than feature adding or updates. If you got the update AAD250 last night and was wondering what it is about, check it out here!
What is fixed in this update?
A big focus for this month has been escalation of privilege vulnerabilities. This refers to any point in the code where something can ask for access to greater privileges than they are supposed to be granted by the operating system. Frequently, escalation-of-privilege vulnerabilities can lead to the ability to execute code that would otherwise not be allowed. In the January patch, Google is addressing escalation vulnerabilities in Bluetooth, Kernel, Setup Wizard, Wifi, Trustzone, Imagination Technologies Driver, and misc-sd driver. A remote code execution vulnerability in the Mediaserver was also addressed in this patch, as well as a denial of service vulnerability in Bouncy Castle. Finally, there was an attack surface reduction for Nexus kernels.