BlackBerry is rolling out a patch against the QuadRooter exploit to the Priv and DTEK50 starting today.
BlackBerry has built a patch against the fourth and final vulnerability of the QuadRooter exploit.
As a refresher, QuadRooter was able to use vulnerabilities in Qualcomm's firmware drivers to gain elevated permissions (read: root) on your phone or tablet. Zero cases have been reported in the wild, and the user would have to disable factory security settings and manually install an app using the QuadRooter code. In addition, all phones running Android 4.2 or higher and use Google Play have built-in protections that scan apps and warn the user before the installation. BlackBerry devices that run Android — the Priv and the DTEK50 — also have a secure boot process that verifies the system hasn't been tampered with.
In other words, this wasn't going to go far in the first place.
Nevertheless, it's great to see BlackBerry's active focus on security. Three of the four vulnerabilities were patched by Qualcomm and included in the August Android Security Patch, but the fourth was slated to come with the September patch.
Some critical Android vulnerabilities – for example, one that can be easily and remotely exploited with a publicly disclosed method to execute 'root' privileged malware – simply can't wait for a monthly update cycle. — BlackBerry Chief Security Officer, David Kleidermacher
Kleidermacher is correct. BlackBerry stakes its reputation on security, and patching a new firmware bug should take top priority. Well done, BlackBerry.
The patch has been released and is available today for devices purchased from ShopBlackBerry.com. Partners are expected to begin the rollout this week.