EMUI
These 13 privacy issues on EMUI software system solved with May 2021 security improvements
Huawei never wants to disappoint its users in any situation and conditions as well as tries to do its best in taking care of Huawei devices and delivers regular software updates to ehanace the overall performance and system security.
Alongside the hectic schedule, Huawei has recently released the latest May 2021 security patch details, which fixes several new bugs and vulnerabilities found in the latest software build and provides better system security.
May 2021 security patch details: This security update fixes 3 critical, 10 high, and 4 medium levels of CVE for improved system security.
Moreover, Huawei also tries to find the hidden privacy issue that enters the device with previous updates, which are very dangerous for users. Now, the question arrives in the user’s mind that How can they harm your device?
They create a way for hackers to easily enter your device and increase the possibility of stealing and leakage of your personal and private data, which is very risky.
With this security patch, the company has found and resolved 13 privacy issues for user’s safety. Check the solved CVE details, danger level, impact, and more detailed below:
CVE 1:
CVE-2021-22348: UAF security vulnerability in some Huawei phones
Danger level: High
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause code to execute.
CVE 2:
CVE-2021-22343: Logic bypass vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE 3:
CVE-2021-22351: DoS vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.
CVE 4:
CVE-2021-22350: UAF security vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0,Magic UI 3.1.1, Magic UI 3.1.0
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause the device to crash and restart.
CVE 5:
CVE-2021-22349: DoS vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of insufficient input verification may cause the system to restart.
CVE 6:
CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact of this CVE on the device: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE 7:
CVE-2021-22347: DoS vulnerability in some Huawei phones
Danger level: Low
EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause temporary DoS.
CVE 8:
CVE-2021-22346: Improper permission management vulnerability in some Huawei phones
Danger level: High
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE 9:
CVE-2021-22345: Improper verification vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE 10:
CVE-2021-22344: DoS vulnerability in some Huawei phones
Danger level: Low
EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause temporary DoS.
CVE 11:
CVE-2021-22353: UAF security vulnerability in some Huawei phones
Danger level: Low
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause the kernel to restart.
CVE 12:
CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones
Danger level: Low
EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE 13:
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some Huawei phones
Danger level: Medium
EMUI/Magic UI affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact of this CVE on the device: Successful exploitation of this vulnerability may cause app redirections.
Huawei has released the January 2023 software update for the Huawei Nova Y90 and Y70 smartphones in the global market, and this firmware clearly improves these phones’ security aspects for a better user experience.
Both Huawei Nova Y90 and Y70 runs EMUI 12 out of the box but it would be interesting if the company could have sent EMUI 13 instead of the security patch. Speaking of which, no one knows, when Huawei will rollout EMUI 13 for global users for the time being.
Coming back to the rollout, January 2023 security update for Huawei Nova Y90 and Nova Y70 comes with EMUI version 12.0.1.177 and EMUI 12.0.1.202. This update is suggested to install on all of the devices sold marketed outside of China and will appear in batches.
We suggest the corresponding users look into the settings > then open System & updates, followed by a Software update, and then tap on CHECK FOR UPDATES. You can download the latest firmware also from the My Huawei app.
You should know that the update won’t erase your personal data but it is suggested for you back up any important data before updating the device. On the other hand, the package will be deleted automatically once the installation succeeds.
Thanks to the tipster for this amazing information, Masterpiece.
(via)
Huawei has released February 2023 EMUI security patch details that will fetch better safety for smartphones running EMUI 12.0.1, EMUI 12.0, and EMUI 11 in the global market.
In the meantime, Huawei keeps on sending security patches, optimizations, and other important performance upgrades over the OTA method directly to the devices.
Meanwhile, Huawei has not released the February 2023 EMUI security patch update for smartphones but it may soon be delivered to the corresponding eligible models.
Why it’s important?
Security patches are important and Huawei releases such upgrades for smartphones to implement high safety measures to guard the data and fight vulnerabilities. Such updates roll out monthly and quarterly sessions.
What fixed:
Huawei has fixed 2 issues in critical condition, 14 of them fixed in high mode, medium and low level of vulnerabilities are not recorded this time. While there are 23 common vulnerability exposures patched from the last firmware version.
Specifically, it fixes an unauthorized access vulnerability (CVE-2022-48286) in the multi-screen collaboration module, which could have affected the confidentiality of the files that you are sharing over the air.
There are two medium-level vulnerabilities fixed for Bluetooth modules, which could exploit user data. CVE-2022-48295 addresses the fix of authentification of the IHwAntiMalPlugin API, which could let malware attack your Huawei device.
Next comes the Huawei fix for permission management vulnerability in the SystemUI module, which may cause users to receive misleading broadcasts from malicious apps for storage exploitations.
Below you can check all of the CVE counts and codes mentioned in the February 2023 security bulletin.
Critical:
- CVE-2022-22088, CVE-2022-41674
High:
- CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635
Already included in previous updates:
- CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793
February 2023 security patch may take some time to toss over the devices and we’ll keep you posted.
Huawei is expanding the January 2023 security patch for Nova 7 global version that improves the phone’s capability against potential threats. According to the information, Huawei Nova 7 January 2023 EMUI update comes with version 12.0.0.244 and 233 megabytes. This update is rolling out in batches began to rollout early last month.
You can check for the update via Settings or via the My Huawei app. Below you can see the update changelog:
This update improves system security with security patches.
Security:
- Integrates security patches released in January 2023 for improved system security.
Update notes:
- This update will not erase your personal data but we recommend that you back up only important data before updating.
- If you encounter any issues during the update contact the Huawei customer service hotline.
- The update package will be deleted automatically after the update is complete.
Thanks to the tipster – Mohammed for this amazing update.
