EMUI
October 2021 Huawei EMUI Security details comes in advance
Huawei has released the October 2021 EMUI/Magic UI security patch details for its various devices in advance. It’s quite impressive that the company is more focused on its monthly updates and announced it early, which is not the case with previous patches.
This latest update contains monthly Android and Huawei patches for addressing some known bugs in the system. After, the installation of this monthly security patch it’ll stabilize the performance of the devices and keep them protected from some external and internal threads.
Moving with the update release note, the October 2021 EMUI security patch brings 46 fixes address by Google and 56 fixes address by the manufacturer Huawei. However, the company is still sending the September 2021 security release note to different regions.
Besides, this Chinese phone maker also published the HarmonyOS security patch details for September 2021. At the same time, it also started to roll out this update for various devices on HarmonyOS 2.0 by the start of this month.
And now, let talk about the October 2021 EMUI/Magic UI security patch containing the fixes released by Huawei and Google.
Android Security Patches:
There’s a total of 46 CVE, among them, there’s one critical level, 27 are of high level, and 2 medium level CVE fixes. In addition, 16 CVEs were already included in previously released fixes. You can check the details below-
- Critical: CVE-2021-0687
- High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0686, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2020-26558, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2019-10581, CVE-2021-0518, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974, CVE-2021-0869, CVE-2021-30290, CVE-2021-30294, CVE-2021-0685, CVE-2021-0693, CVE-2021-0869
- Medium: CVE-2021-1957, CVE-2021-1961
- Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2020-0368, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-1947, CVE-2021-28375
Huawei Security Patches:
Huawei has acknowledged a total of 56 CVEs with the October 2021 EMUI/Magic UI security patch for Huawei and Honor devices. Furthermore, the latest fixes include 37 Medium, 13 high, and 6 low levels of CVEs. Scroll down for detailed information.
- CVE-2021-22326: Kernel space read/write vulnerability [Medium Severity]
- CVE-2021-22319: Improper verification vulnerability [Medium Severity]
- CVE-2021-22488: Unauthorized file access vulnerability [Medium Severity]
- CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices [Medium Severity]
- CVE-2021-22481: Verification errors [Medium Severity]
- CVE-2021-22489: DoS vulnerability [Medium Severity]
- CVE-2021-22469: Out-of-bounds memory read vulnerability [Medium Severity]
- CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones [Medium Severity]
- CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices [Medium Severity]
- CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some Huawei devices [High Severity]
- CVE-2021-22475: Improper permission management vulnerability [Medium Severity]
- CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some Huawei phones [High Severity]
- CVE-2021-37011: Improper verification vulnerability [High Severity]
- CVE-2021-22491: Input verification vulnerability [Medium Severity]
- CVE-2021-36999: Buffer overflow vulnerability [Medium Severity]
- CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed [Medium Severity]
- CVE-2021-36995: Unauthorized file access vulnerability [Medium Severity]
- CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions [Low Severity]
- CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input [Medium Severity]
- CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones [Medium Severity]
- CVE-2021-36989: Kernel crash vulnerability [Medium Severity]
- CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones [Medium Severity]
- CVE-2021-36985: Code injection vulnerability [Medium Severity]
- CVE-2021-22370: Improper verification vulnerability [High Severity]
- CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices [Low Severity]
- CVE-2021-22345: Improper verification vulnerability [Medium Severity]
- CVE-2021-37020: Improper verification vulnerability [High Severity]
- CVE-2021-37119: Service logic vulnerability [Medium Severity]
- CVE-2021-22374: Out-of-bounds array access in the kernel of some Huawei phones [Medium Severity]
- CVE-2021-37117: Service logic vulnerability [Medium Severity]
- CVE-2021-37116: Input verification vulnerability [High Severity]
- CVE-2021-37114: Out-of-bounds read vulnerability [Low Severity]
- CVE-2021-37111: Memory leakage vulnerability [Medium Severity]
- CVE-2021-37110: Timing design defects [High Severity]
- CVE-2021-37103: Improper permission management vulnerability in the Huawei Wallet app [Medium Severity]
- CVE-2021-37093: Improper access control vulnerability [High Severity]
- CVE-2021-37092: Memory leakage vulnerability [Medium Severity]
- CVE-2021-37075: Credential management vulnerability [High Severity]
- CVE-2021-37056: Improper permission control vulnerability [Medium Severity]
- CVE-2021-37054: Identity spoofing and authentication bypass vulnerability [Medium Severity]
- CVE-2021-37053: Service logic vulnerability in some HUAWEI devices [Medium Severity]
- CVE-2021-37052: Exception log vulnerability High Severity]
- CVE-2021-37051: Out-of-bounds read vulnerability [Medium Severity]
- CVE-2021-37050: Missing sensitive data encryption vulnerability [High Severity]
- CVE-2021-37049: Heap-based buffer overflow vulnerability [Medium Severity]
- CVE-2021-37047: Input verification vulnerability [Low Severity]
- CVE-2021-37045: UAF vulnerability [High Severity]
- CVE-2021-37044: Permission control vulnerability [Medium Severity]
- CVE-2021-37042: Improper verification vulnerability [Low Severity]
- CVE-2021-37041: Improper verification vulnerability [Low Severity]
- CVE-2021-37040: Parameter injection vulnerability [Medium Severity]
- CVE-2021-37038: Improper access control vulnerability [Medium Severity]
- CVE-2021-37021: Improper verification vulnerability [Medium Severity]
- CVE-2021-37120: Double free vulnerability [High Severity]
- CVE-2021-37121: Configuration defects in some [Medium Severity]
- CVE-2021-37014: Integer overflow vulnerability [Medium Severity]
Availability:
At present, the company is only releasing the September security patch for Global and domestic users. The October Security patch is yet to roll out for the users. However, looking at the focus of the company, it’ll soon start the rollout process, we’ll keep to posted further. Until then, Stay connected with us.
Huawei has released the January 2023 software update for the Huawei Nova Y90 and Y70 smartphones in the global market, and this firmware clearly improves these phones’ security aspects for a better user experience.
Both Huawei Nova Y90 and Y70 runs EMUI 12 out of the box but it would be interesting if the company could have sent EMUI 13 instead of the security patch. Speaking of which, no one knows, when Huawei will rollout EMUI 13 for global users for the time being.
Coming back to the rollout, January 2023 security update for Huawei Nova Y90 and Nova Y70 comes with EMUI version 12.0.1.177 and EMUI 12.0.1.202. This update is suggested to install on all of the devices sold marketed outside of China and will appear in batches.
We suggest the corresponding users look into the settings > then open System & updates, followed by a Software update, and then tap on CHECK FOR UPDATES. You can download the latest firmware also from the My Huawei app.
You should know that the update won’t erase your personal data but it is suggested for you back up any important data before updating the device. On the other hand, the package will be deleted automatically once the installation succeeds.
Thanks to the tipster for this amazing information, Masterpiece.
(via)
Huawei has released February 2023 EMUI security patch details that will fetch better safety for smartphones running EMUI 12.0.1, EMUI 12.0, and EMUI 11 in the global market.
In the meantime, Huawei keeps on sending security patches, optimizations, and other important performance upgrades over the OTA method directly to the devices.
Meanwhile, Huawei has not released the February 2023 EMUI security patch update for smartphones but it may soon be delivered to the corresponding eligible models.
Why it’s important?
Security patches are important and Huawei releases such upgrades for smartphones to implement high safety measures to guard the data and fight vulnerabilities. Such updates roll out monthly and quarterly sessions.
What fixed:
Huawei has fixed 2 issues in critical condition, 14 of them fixed in high mode, medium and low level of vulnerabilities are not recorded this time. While there are 23 common vulnerability exposures patched from the last firmware version.
Specifically, it fixes an unauthorized access vulnerability (CVE-2022-48286) in the multi-screen collaboration module, which could have affected the confidentiality of the files that you are sharing over the air.
There are two medium-level vulnerabilities fixed for Bluetooth modules, which could exploit user data. CVE-2022-48295 addresses the fix of authentification of the IHwAntiMalPlugin API, which could let malware attack your Huawei device.
Next comes the Huawei fix for permission management vulnerability in the SystemUI module, which may cause users to receive misleading broadcasts from malicious apps for storage exploitations.
Below you can check all of the CVE counts and codes mentioned in the February 2023 security bulletin.
Critical:
- CVE-2022-22088, CVE-2022-41674
High:
- CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635
Already included in previous updates:
- CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793
February 2023 security patch may take some time to toss over the devices and we’ll keep you posted.
Huawei is expanding the January 2023 security patch for Nova 7 global version that improves the phone’s capability against potential threats. According to the information, Huawei Nova 7 January 2023 EMUI update comes with version 12.0.0.244 and 233 megabytes. This update is rolling out in batches began to rollout early last month.
You can check for the update via Settings or via the My Huawei app. Below you can see the update changelog:
This update improves system security with security patches.
Security:
- Integrates security patches released in January 2023 for improved system security.
Update notes:
- This update will not erase your personal data but we recommend that you back up only important data before updating.
- If you encounter any issues during the update contact the Huawei customer service hotline.
- The update package will be deleted automatically after the update is complete.
Thanks to the tipster – Mohammed for this amazing update.
