04-10-18 07:08 PM
39 12
tools
  1. Paraliotis3's Avatar
    Does Crackberry or Blackberry are aware about this???
    Priv is protected ?
    01-11-18 12:46 PM
  2. Dunt Dunt Dunt's Avatar
    Everyone is aware.... couple of threads on this already.

    Currently no the PRIV isn't protected from Specter, Meltdown doesn't apply. Have to see if the PRIV get's the January Patch and any future updates.
    01-11-18 01:04 PM
  3. glwerry's Avatar
    It's not Crackberry's responsibility - they are a forum.

    Blackberry is aware.

    PRIV is NOT protected - as far as I have heard, only Microsoft has released updates to partially address the Meltdown issue.
    I don't think that ANYONE has been able to patch Spectre yet - technically you would have to fix the actual hardware in both cases, but Meltdown is easier to address with a software patch.

    It would be a good idea to update the Chrome browser, as I believe that has had some fixes done.
    01-11-18 01:07 PM
  4. Matty's Avatar
    Does Crackberry or Blackberry are aware about this???
    Priv is protected ?
    As others have said. Blackberry is well aware of the issue and I'm sure they decided a couple months ago (when it was found) if they were going to patch it or not. All we can do is wait to hear from Blackberry. Don't think another thread is needed.

    Google says their Jan 5th security patch partially fixes the issue and it will be fully patched later on. . 😃
    01-11-18 03:03 PM
  5. gizmo21's Avatar
    Best thing beside not (sideloading) unknown apps is to use the newest Browserversion of one of the major devs like Google or Mozilla and perhaps use noscript add-ons.

    But that is common sense anyway if you are security aware.

    I guess we will also see bad mail/messaging-attachments in the future but to be aware of those is also a know vector anyway.
    01-11-18 04:50 PM
  6. thurask's Avatar
    The CPU is partially vulnerable, in that the two high power Cortex A57 cores use speculative execution, i.e. Spectre, while the four low power Cortex A53 cores do not. No ARM chip other than the Cortex A75 (which is too new to matter here) is vulnerable to Meltdown.

    In terms of OS-level mitigations, while Google claims Android isn't directly vulnerable to Meltdown or Spectre, they did introduce a tweak intended to make attacks like Meltdown/Spectre harder in the January 5, 2018 patch level. Since the Priv is officially EOL, and since precedent puts BB's promise to update the Priv at about the same trustworthiness as their promises for Nougat for the Priv and BB10 for the PlayBook, I doubt it'll get patched.

    And, yes, apps themselves can introduce mitigations, like the browser example above. So keep up to date.
    FF22 likes this.
    01-11-18 11:06 PM
  7. Rico4you's Avatar
    BlackBerry did announce when they talked about PRIV RE end of security updates that any security CRITICAL issues would be addressed for PRIV.
    01-13-18 05:35 AM
  8. Chuck Finley69's Avatar
    BlackBerry did announce when they talked about PRIV RE end of security updates that any security CRITICAL issues would be addressed for PRIV.
    Appears to be more talk, less action since device is EOL.
    misterabrasive likes this.
    01-13-18 06:35 AM
  9. Rico4you's Avatar
    Appears to be more talk, less action since device is EOL.
    Let's see if PRIV gets update Re Critical issue.
    EOL? My PRIV running better than ever and get app updates. Use alongside my KEYone.
    01-13-18 07:17 AM
  10. Chuck Finley69's Avatar
    Let's see if PRIV gets update Re Critical issue.
    EOL? My PRIV running better than ever and get app updates. Use alongside my KEYone.
    I'm referring to status from BB perspective regarding exiting hardware when I say EOL. I believe they've washed their hands of all hardware support not paid for by a current licensee. Meltdown and Sceptre will just push users to new devices sooner and BB will just let things bleed out till official EOL. So I'm saying a "practically EOL" situation, unfortunately.
    01-13-18 07:24 AM
  11. Rico4you's Avatar
    I'm referring to status from BB perspective regarding exiting hardware when I say EOL. I believe they've washed their hands of all hardware support not paid for by a current licensee. Meltdown and Sceptre will just push users to new devices sooner and BB will just let things bleed out till official EOL. So I'm saying a "practically EOL" situation, unfortunately.
    Respectful opinion.
    01-13-18 07:50 AM
  12. GiveMeAnthony's Avatar
    If you have Chrome or a Chromium based browser like Brave, then you can go to chrome://flags/#enable-site-per-process in the address bar and enable strict site isolation. According to Google, this should mitigate attacks by isolating sites into separate address spaces. Chrome 64 will include actual patches.
    01-15-18 05:51 AM
  13. CarstenF's Avatar
    According to ct" magazine, a variant of Meltdown can be used to attack the 2 Cortex A57 cores in the Priv. Also of course, a variant of Spectre can be used to attack all cores.
    01-26-18 12:56 PM
  14. thurask's Avatar
    According to ct" magazine, a variant of Meltdown can be used to attack the 2 Cortex A57 cores in the Priv. Also of course, a variant of Spectre can be used to attack all cores.
    The Cortex A53 cores in the Priv (and KEYone/Motion) lack speculative execution, so neither Spectre nor Meltdown can affect them. As well, according to ARM, the Cortex A57 is vulnerable to Spectre but not Meltdown.
    01-26-18 01:08 PM
  15. panopticon's Avatar
    Since the Priv is officially EOL, and since precedent puts BB's promise to update the Priv at about the same trustworthiness as their promises for Nougat for the Priv and BB10 for the PlayBook, I doubt it'll get patched.
    Not to mention the fact these vulnerabilities were well known in the industry for months before being made public. It would be very surprising if BlackBerry was not aware of them. How else could any of the OEMs have had patches ready so soon after the official announcement?

    Clearly, had BlackBerry intended to patch it on the PRIV they would have simply waited an extra month or two before declaring the PRIV officially EOL.
    01-26-18 01:46 PM
  16. conite's Avatar
    Not to mention the fact these vulnerabilities were well known in the industry for months before being made public. It would be very surprising if BlackBerry was not aware of them. How else could any of the OEMs have had patches ready so soon after the official announcement?

    Clearly, had BlackBerry intended to patch it on the PRIV they would have simply waited an extra month or two before declaring the PRIV officially EOL.
    BlackBerry was notified about Krack on Oct 13th.

    Despite that, they were the first to patch for it. They beat Apple and Google by 3-5 weeks.

    Priv got the Oct patch (its last) and the DTEKs got the Nov patch early/mid Nov with the Krack fix included. The KEYᵒⁿᵉ got a 2nd Oct patch in very early Nov with the fix included too.

    As far as Spectre, Meltdown is concerned, I'm not sure Qualcomm had all the answers back then. It will be a long-term iterative fix process. The first gen fixes are really just appearing this month (Jan).
    Last edited by conite; 01-26-18 at 02:42 PM.
    01-26-18 01:59 PM
  17. panopticon's Avatar
    BlackBerry was notified on Oct 13th.

    Despite that, they were the first to patch for it. They beat Apple and Google by 4-6 weeks.

    Priv made the Oct patch (its last) prior to that, but the other 3 got the Nov patch early in the month, and the Krack fix was included.
    What does KRACK have to do with it? That's a WIFI vulnerability. Why are you confusing the issue and attempting to manipulate the conversation? This discussion is about Meltdown/Spectre not KRACK. And no, the PRIV has not been patched for it (unless you can prove it) and probably never will be...because as I said, BlackBerry conveniently terminated support for the PRIV (and patted themselves on the back for it) one month before Meltdown/Spectre was made pubic.
    01-26-18 02:29 PM
  18. conite's Avatar
    What does KRACK have to do with it? That's a WIFI vulnerability. Why are you confusing the issue and attempting to manipulate the conversation? This discussion is about Meltdown/Spectre not KRACK. And no, the PRIV has not been patched for it (unless you can prove it) and probably never will be...because as I said, BlackBerry conveniently terminated support for the PRIV (and patted themselves on the back for it) one month before Meltdown/Spectre was made pubic.
    You didn't read my entire post. It was context.

    Priv did get the Krack fix, but since the first iteration of Spectre patches are just flowing out now, it obviously didn't get that.
    01-26-18 02:34 PM
  19. panopticon's Avatar
    You didn't read my entire post. It was context.

    Priv did get the Krack fix, but since the first iteration of Spectre patches are just flowing out now, it obviously didn't get that.
    I did read the entire post, and in the 'context' of KRACK being completely unrelated to the vulnerability in question...I found it to be deliberately misleading. Still do.
    01-26-18 03:12 PM
  20. G_Unit MVP's Avatar
    BlackBerry did announce when they talked about PRIV RE end of security updates that any security CRITICAL issues would be addressed for PRIV.
    Yes, but they have a funny way to define "CRITICAL"....
    01-26-18 03:42 PM
  21. misterabrasive's Avatar
    I did read the entire post, and in the 'context' of KRACK being completely unrelated to the vulnerability in question...I found it to be deliberately misleading. Still do.
    I hope you don't mind if I have a little cheese to go with your whine.
    bibbula likes this.
    01-26-18 04:16 PM
  22. panopticon's Avatar
    I hope you don't mind if I have a little cheese to go with your whine. https://uploads.tapatalk-cdn.com/201...5bb028ae3b.jpg
    Thanks for showing up to cut the cheese! I'll be leaving now Lol...
    01-26-18 04:34 PM
  23. jajor's Avatar
    BlackBerry was notified about Krack on Oct 13th.

    Despite that, they were the first to patch for it. They beat Apple and Google by 3-5 weeks.

    Priv got the Oct patch (its last) and the DTEKs got the Nov patch early/mid Nov with the Krack fix included. The KEYᵒⁿᵉ got a 2nd Oct patch in very early Nov with the fix included too.

    As far as Spectre, Meltdown is concerned, I'm not sure Qualcomm had all the answers back then. It will be a long-term iterative fix process. The first gen fixes are really just appearing this month (Jan).
    Blackberry was notified on 13 october but QNX which is part of Blackberry on 28 August .??? It's strange.
    01-26-18 06:10 PM
  24. conite's Avatar
    Blackberry was notified on 13 october but QNX which is part of Blackberry on 28 August .??? It's strange.
    Yup. Odd but true.
    Rico4you likes this.
    01-26-18 06:19 PM
  25. CarstenF's Avatar
    The Cortex A53 cores in the Priv (and KEYone/Motion) lack speculative execution, so neither Spectre nor Meltdown can affect them. As well, according to ARM, the Cortex A57 is vulnerable to Spectre but not Meltdown.
    The link stated by you actually does NOT say that the A57 cores used in the Blackberry Priv are not vulnerable to Meltdown.
    On the contrary, in the table it is listed that the A57 is vulnerable to bounds check bypass, which I think is a variant of Meltdown, at least checking for an out of bounds exception is used in Meltdown. Unfortunately in that links ARM does not use the terms Meltdown or Spectre, so one has to guess. Meltdown could also be variant 3a in the table, but that variant also affects the A57.
    Also, the leading German IT magazine ct' lists the A57 as being vulnerable to a variant of Meltdown.
    01-27-18 01:25 PM
39 12

Similar Threads

  1. Replies: 3
    Last Post: 01-23-18, 06:16 AM
  2. No BlackBerry data error
    By Vigneshd332 in forum General BBM Chat
    Replies: 2
    Last Post: 01-13-18, 02:00 AM
  3. Have symbols appear in ABC keyboard and use by holding down key?
    By Mr_Kaffeine91 in forum BlackBerry DTEK60
    Replies: 1
    Last Post: 01-11-18, 04:09 PM
  4. BlackBerry Power Center update brings new notification options and stability fixes
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 01-11-18, 10:40 AM
  5. Priv going nuts after last update. New battery or factory reset?
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 01-11-18, 07:48 AM
LINK TO POST COPIED TO CLIPBOARD