Earlier this month Google published its Android Security 2016 Year In Review. The 71-page report covers various aspects of Android security, from OS security to information about the ecosystem and the various vulnerabilities seen over the last year. It is a very interesting read, and if you have some time, I’d suggest you give it a good read. You can read the entire report here. …
“Several manufacturers, including Samsung, LG, BlackBerry, and OnePlus, regularly deliver security updates to flagship devices on the same day as Google’s updates to Nexus and Pixel devices, thereby providing their customers with the most up-to-date security available.”
The next mention of BlackBerry is when speaking of Zero Days. This gets interesting.
“The combination of regular monthly security updates and fast responses by Android device manufacturers significantly mitigated the impact of zero day vulnerabilities against the Android platform. For example, CVE-2016-5195 (also known as Dirty Cow) was publicly disclosed on October 19, 2016. As the patch was available from upstream Linux, some device manufacturers, such as BlackBerry, deployed a fix in time for the November 2016 security update. We created a special patch string (November 06, 2016) for devices to indicate the vulnerability had been fixed. A fix was required for the December 01, 2016 security patch level.”
Dirty Cow is a race condition bug that allowed attackers to gain write access to read-only memory and escalate to root privileges. The vulnerability had been present for nearly a decade in the Android kernel and Linux. The kernel and Linux vulnerabilities were patched in October of 2016, and publicly disclosed October 19th. BlackBerry utilized this fix to push the patch to its Android version in the November update. Google pushed the update within its December security update, following BlackBerry by a month. …