HarmonyOS August 2021 security patch details for smartphones

Huawei has published the August 2021 HarmonyOS security details for phones and tablet devices. According to the information, Huawei has fixed a number of new security flaws with the latest HarmonyOS device security patches.

These security patches are released under monthly security maintenance for Huawei’s major flagship models and the rest of them draws under the quarterly section. If any of the corresponding HarmonyOS device users receive the August 2021 HarmonyOS security patch, you are recommended to install the updates on your device.

Security Patch:

Security updates are just patches that come with feature enhancements, performance improvements, bug fixes, etc. The more you delay the installation of these Security Updates, the more vulnerable your device will become.

HarmonyOS August 2021 security patch details:

HarmonyOS August 2021 security patches fix 4 medium levels of CVE in the framework. 27 medium levels of CVEs were found and fixed in HarmonyOS 2.0 kernel. A total of 5 medium to low-level CVEs are fixed in the system.

On the other hand, there are 2 high and 7 medium levels of CVE fixed in the HarmonyOS 2.0 app section. There are also third-party libraries, that are covered by the HarmonyOS security patches protection and fix 40 CVEs of high to medium levels found in the HarmonyOS 2.0 version.

If the security patch level of your Huawei phone or tablet is 2021-08-01 or later, all issues described in this update and the HarmonyOS Security Bulletin – August 2021 have been resolved.

CVE – CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.

A few of dangers fixed in this update:

CVE-2021-22323/CVE-2021-22369:

• Description: Some Huawei products have a vulnerability of not verifying parameters, leading to memory leaks and out-of-bounds memory accesses.
• Harm: Successful exploitation of this vulnerability may affect data availability and confidentiality.

CVE-2021-22427/CVE-2021-22428:

• Description: Some Huawei products have a race condition vulnerability.
• Harm: Successful exploitation of this vulnerability may bypass authentication.

CVE-2021-36987:

• Description: Some Huawei products have a vulnerability of releasing the same linked list node multiple times due to race conditions.
• Harm: Successful exploitation of this vulnerability may cause a system reset.

CVE-2021-22472:

• Description: Some Huawei products have an improper verification vulnerability.
• Harm: exploitation of this vulnerability may affect data confidentiality.