Connect with us

EMUI

May 2022 EMUI security patch fixes for these 17 privacy issues

Published

9 months ago

on

January 2022 EMUI issues

Huawei is always concerned about user overall system security and data privacy. To fix the security flaws encountered in the latest software system, Huawei releases a monthly security patch for EMUI and HarmonyOS-powered devices.

In the latest move, Huawei has dispatched the May 2022 EMUI security patch detail, which is published on the Android security bulletin. In detail, the latest security patch fixes 1 critical, 14 high, and 16 medium levels of CVE.

Are thinking the May 2022 security patch detail contains only above mentioned fixes? Well, that’s not it, the May 2022 EMUI patch also includes fixes for some additional issues, which can cause major problems for the users.

With May 2022 security update, the company resolves a total of 17 common vulnerabilities and issues found in EMUI software systems. Currently, Huawei is seeding the latest EMUI 12 major OS update in global Huawei smartphones.

Advertisement

However, there are some CVEs found in the latest EMUI 12. Therefore, the installation of the May 2022 update is really important for increased system security and privacy.

January 2022 EMUI issues

The May 2022 security update fixed the following EMUI issues:

CVE 1:

  • CVE-2021-46785: Improper permission control vulnerability in the Property module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability can result in the obtaining of the unique device identifier.
  • Acknowledgment: Zhang Qing (ByteDance), Wang Kailong (NUS), and Bai Guang Dong (UQ)

CVE 2:

  • CVE-2021-46789: Configuration defects in the secure OS module
  • Severity: Medium
  • Affected versions: EMUI 11.0.1
  • Impact: Successful exploitation of this vulnerability will affect availability.

CVE 3:

  • CVE-2021-46788: Third-party pop-up window coverage vulnerability in the iConnect module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: System pop-up window may be covered to mislead users to perform incorrect operations.

CVE 4:

  • CVE-2021-46787: Improper permission control vulnerability in the AMS module
  • Severity: High
  • Affected versions: EMUI 11.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE 5:

  • CVE-2021-46786: Insufficient verification of the parameters transferred by the application space in the audio module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE 6:

  • CVE-2021-40010: Heap overflow vulnerability in the bone voice ID trusted application (TA).
  • Severity: Critical
  • Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: Successful exploitation of this vulnerability may result in malicious code execution.

CVE 7:

  • CVE-2022-22258: Event notification vulnerability in the Wi-Fi module
  • Severity: Medium
  • Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, HMOS 2.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation of privilege.

CVE 8:

  • CVE-2022-29794: UAF vulnerability in the frame scheduling module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will affect integrity, availability, and confidentiality.

CVE 9:

  • CVE-2022-22261: Unstrict verification of the validity of the weight in the model in hiaiserver
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE 10:

  • CVE-2022-29793: Configuration defects in the activation lock of the mobile phone
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability may affect availability.

CVE 11:

  • CVE-2022-29792: Serial number obtaining vulnerability in the chip assembly
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE 12:

  • CVE-2022-29791: Unstrict verification of the validity of the weight in the model in hiaiserver
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE 13:

  • CVE-2022-29790: Service abnormality caused by multi-threaded access to the database in the graphics acceleration service
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability may cause service exceptions.

CVE 14:

  • CVE-2022-29789: Unstrict verification of the validity of the property in the model in hiaiserver
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE 15:

  • CVE-2022-29795: Null pointer dereference vulnerability in the frame scheduling module
  • Severity: High
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will affect availability.

CVE 16:

  • CVE-2022-29796: Unstrict verification of the validity of the weight in the model in hiaiserver
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE 17:

  • CVE-2022-22260: UAF vulnerability in the kernel module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0
  • Impact: Successful exploitation of this vulnerability will affect integrity and availability.

(Source: Huawei)

Advertisement
Related Topics:

Amy is our firmware and software specialist, she keeps her eagle eyes open for new software rollouts, beta programs, and other software related activities as well as new smartphone launch.

Continue Reading
Advertisement

EMUI

Huawei Nova Y90 and Y70 grabs January 2023 EMUI update

Published

23 hours ago

on

February 9, 2023

By

Huawei Nova Y90

Huawei has released the January 2023 software update for the Huawei Nova Y90 and Y70 smartphones in the global market, and this firmware clearly improves these phones’ security aspects for a better user experience.

Both Huawei Nova Y90 and Y70 runs EMUI 12 out of the box but it would be interesting if the company could have sent EMUI 13 instead of the security patch. Speaking of which, no one knows, when Huawei will rollout EMUI 13 for global users for the time being.

Coming back to the rollout, January 2023 security update for Huawei Nova Y90 and Nova Y70 comes with EMUI version 12.0.1.177 and EMUI 12.0.1.202. This update is suggested to install on all of the devices sold marketed outside of China and will appear in batches.

We suggest the corresponding users look into the settings > then open System & updates, followed by a Software update, and then tap on CHECK FOR UPDATES.  You can download the latest firmware also from the My Huawei app.

Advertisement

You should know that the update won’t erase your personal data but it is suggested for you back up any important data before updating the device. On the other hand, the package will be deleted automatically once the installation succeeds.

Thanks to the tipster for this amazing information, Masterpiece.

Huawei Nova Y90 January 2023 update

(via)

Advertisement
Continue Reading

EMUI

Check February 2023 EMUI security patch details

Published

3 days ago

on

February 7, 2023

By

Huawei EMUI February 2023 security patch

Huawei has released February 2023 EMUI security patch details that will fetch better safety for smartphones running EMUI 12.0.1, EMUI 12.0, and EMUI 11 in the global market.

In the meantime, Huawei keeps on sending security patches, optimizations, and other important performance upgrades over the OTA method directly to the devices.

Meanwhile, Huawei has not released the February 2023 EMUI security patch update for smartphones but it may soon be delivered to the corresponding eligible models.

Why it’s important?

Security patches are important and Huawei releases such upgrades for smartphones to implement high safety measures to guard the data and fight vulnerabilities. Such updates roll out monthly and quarterly sessions.

Advertisement

What fixed:

Huawei has fixed 2 issues in critical condition, 14 of them fixed in high mode, medium and low level of vulnerabilities are not recorded this time. While there are 23 common vulnerability exposures patched from the last firmware version.

Specifically, it fixes an unauthorized access vulnerability (CVE-2022-48286) in the multi-screen collaboration module, which could have affected the confidentiality of the files that you are sharing over the air.

There are two medium-level vulnerabilities fixed for Bluetooth modules, which could exploit user data. CVE-2022-48295 addresses the fix of authentification of the IHwAntiMalPlugin API, which could let malware attack your Huawei device.

Next comes the Huawei fix for permission management vulnerability in the SystemUI module, which may cause users to receive misleading broadcasts from malicious apps for storage exploitations.

Advertisement

Below you can check all of the CVE counts and codes mentioned in the February 2023 security bulletin.

Critical:

  • CVE-2022-22088, CVE-2022-41674

High:

  • CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635

Already included in previous updates:

  • CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793

February 2023 security patch may take some time to toss over the devices and we’ll keep you posted.

Huawei EMUI February 2023 security patch

Continue Reading

EMUI

Huawei Nova 7 January 2023 EMUI update is expanding

Published

4 days ago

on

February 6, 2023

By

Huawei Nova 7

Huawei is expanding the January 2023 security patch for Nova 7 global version that improves the phone’s capability against potential threats. According to the information, Huawei Nova 7 January 2023 EMUI update comes with version 12.0.0.244 and 233 megabytes. This update is rolling out in batches began to rollout early last month.

You can check for the update via Settings or via the My Huawei app. Below you can see the update changelog:

This update improves system security with security patches.

Security:

Advertisement
  1. Integrates security patches released in January 2023 for improved system security.

Update notes:

  1. This update will not erase your personal data but we recommend that you back up only important data before updating.
  2. If you encounter any issues during the update contact the Huawei customer service hotline.
  3. The update package will be deleted automatically after the update is complete.

Thanks to the tipster – Mohammed for this amazing update.

Huawei Nova 7 January 2023 update

Continue Reading