14 DAY TRIAL // BlackBerry seems to be the first non-Google OEM to start pushing the newest January security patch to its Android smartphones. It's been less than a day since Google announced that the update was rolling out to Nexus and Pixel devices, and BlackBerry made a similar announcement.
The January security update is available immediately for BlackBerry smartphones powered by Android operating system which have been purchased through the company's online store. This means that carrier-branded phones are not yet eligible for the update.
In order to find out when your carrier-branded BlackBerry smartphone will receive this security update, you will have to contact your retailer or carrier directly for more information.
According to Google, the January security patch should address 95 discovered vulnerabilities. Obviously, each OEM can add its own bug fixes in case they find other exploits that might affect their own devices.
BlackBerry has its own security bulletin in response to the Android Security Bulletin released yesterday. The long list of vulnerabilities fixed in this update includes critical, high, moderate, and low issues.
In particular, there are some vulnerabilities found in the Qualcomm's chipset that powers some of Blackberry's Android smartphones.
For example, BlackBerry has found some information disclosure vulnerabilities in the Qualcomm audio post processor, which could enable a local malicious app to access data outside of its permission levels.
Also, there's an elevation of privilege vulnerability in the Qualcomm sound driver that could enable a local malicious app to execute arbitrary code within the context of the kernel. Similar issues were found in the Qualcomm camera, Wi-Fi driver, GPU driver, and Qualcomm bootloader.
The most important vulnerability patched in this update refers to a remote code execution vulnerability in mediaserver, which could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
If you're keen on finding out more about the vulnerabilities fixed in this update, you can check the full changelog of the security patch.