Connect with us

EMUI

These 49 EMUI security issues fixed with July 2021 update

Published

on

July 2021 privacy issue

Huawei has just published the latest July 2021 security patch and reveals 49 new EMUI security issues that were fixed with this new security patch.

The fixed EMUI security issues will prevent Common Vulnerabilities and Exposures or CVE from harming user data or blocking any unverified access to the device.

To be mentioned, Huawei’s current days are very hectic because HarmonyOS 2.0 rollout is going on in China and also in preparation for the next flagship global product launch conference, which will be held on July 29. This caused Huawei to polish a late security bulletin.

But, Huawei has made full efforts in finding the EMUI security issues and resolve them with the July 2021 security patch.

Advertisement

July EMUI security patch details:

Huawei has fixes 21 high, and 28 medium levels of CVE as well as 49 hidden EMUI security issues for EMUI and Magic UI devices. Check the solved CVE details, severity, impact, and more detailed below.

Huawei security

Below you can check all of the EMUI security issues mentioned in the July 2021 patch:

CVE 1:

  • CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 2:

  • CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE 3:

  • CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE 4:

  • CVE-2021-36996: Improper verification vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE 5:

  • CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 6:

  • CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE 7:

  • CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE 8:

  • CVE-2021-36993: Memory leaks in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 9:

  • CVE-2021-36992: Public key verification vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 10:

  • CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE 11:

  • CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 12:

  • CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 13:

  • CVE-2021-36988: Parameter verification issues in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 14:

  • CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 15:

  • CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 16:

  • CVE-2021-36985: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE 17:

  • CVE-2021-22491: Input verification vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 18:

  • CVE-2021-22490: Permission verification vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE 19:

  • CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 20:

  • CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 21:

  • CVE-2021-22486: Unstandardized field names in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 22:

  • CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 23:

  • CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause DoS.

CVE 24:

  • CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

CVE 25:

  • CVE-2021-36998: Improper verification vulnerability in some devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE 26:

  • CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE 27:

  • CVE-2021-22473: Authentication vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 28:

  • CVE-2021-22472: Improper verification vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 29:

  • CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 30:

  • CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 31:

  • CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE 32:

  • CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 33:

  • CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 34:

  • CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 35:

  • CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 36:

  • CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 37:

  • CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE 38:

  • CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 39:

  • CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE 40:

  • CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 41:

  • CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE 42:

  • CVE-2021-22405: Configuration defects in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 43:

  • CVE-2021-22404: Directory traversal vulnerability in Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 44:

  • CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE 45:

  • CVE-2021-22402: DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE 46:

  • CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 47:

  • CVE-2021-22395: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 48:

  • CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE 49:

  • CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Amy is our firmware and software specialist, she keeps her eagle eyes open for new software rollouts, beta programs, and other software related activities as well as new smartphone launch.

EMUI

Huawei Nova 5T EMUI 12 update changelog

Published

on

Huawei Nova 5T EMUI 12 changelog

Huawei global consumers are waiting for their turn to test the brand new EMUI 12 software. Meanwhile, Huawei has begun the EMUI 12 beta testing program for popular smartphones including flagship devices.

In terms of popularity, the first choice is Huawei Nova 5T alongside flagships smartphones. Last November, Huawei confirmes the Nova 5T eligibility for EMUI 12 software system. Since then, Huawei Nova 5T is under EMUI 12 beta testing and receiving beta build via OTA update.

One thing to be noted, Huawei Nova 5T EMUI 12 beta is only available to users, who have participated in EMUI 12 beta testing through the Huawei Beta app. Meanwhile, the corresponding device users have to wait a bit longer to install the EMUI 12.

Coming to Huawei Nova 5T EMUI 12 changelog, brings features that will provide you with a new user experience thanks to the environment that is inspired by HarmonyOS operating system. The set of offerings consists of a fresh user interface that has a separate notification and control panel as well as functionalities such as new fonts.

Advertisement

More interestingly, EMUI 12 also has a multi-device file management system, Huawei Share as well as a cooperative authentication function between smartphones and laptops. To know more about the EMUI 12 beta features, check the full changelog below and explore the details.

Huawei Nova 5T EMUI 12 changelog

Huawei Nova 5T EMUI 12 Changelog:

Font:

  • Supports more flexible font adjustment, in which you can adjust the font size and width with a slider.

Neuromorphic Design:

  • Applies the concept of neuromorphic to UI elements. Simple colors, tones, shadows, and highlights are used to achieve a more realistic effect.

Smart Folders:

  • Supports pressing and holding app folders on the home screen to enlarge them and make the apps within them easier to access.

Notification Panel and Control Panel:

  • Allows you to swipe down from the top left of the screen to access the Notifications panel to view notifications, and swipe down from the top right of the screen to access the control panel for shortcuts.
  • Adds an audio control area to the control panel to make it easy to switch between different audio devices and apps. Allows you to quickly activate cross-screen cooperation by tapping symbols for Huawei laptops and tablets in the “Device +” area of ​​the control panel.

Cooperative Security:

  • Adds a cooperative authentication function between cellphones and laptops, which allows you to unlock your phone by entering the screen unlock password for the phone on Huawei laptop when the phone and laptop are connected through cross-screen cooperation are.

Multi-device file management:

  • Supports access to documents or pictures on the phone via a laptop without connecting the two devices with a data cable.

Huawei Share:

  • Improves the transfer speed of Huawei Share for faster file sharing between Huawei phones, tablets, and laptops
Continue Reading

EMUI

Have you received stable EMUI 12 on Huawei Mate 30 Pro?

Published

on

Huawei Mate 30 Pro EMUI 12

Hey Huawei users! EMUI 12 stable rollout has finally started in the global market for flagship smartphones. Are you excited to grab it? Well, the company has released the stable EMUI 12 for Huawei Mate 30 Pro smartphone users.

Currently, the EMUI 12 major software update is in the initial stage of the rollout. So, it may take some to cover all the Huawei Mate 30 Pro devices in the global market. To be mentioned, stable EMUI 12 launched with a package size of around 1GB, so maintain sufficient storage before upgrading.

Speaking about the Huawei Mate 30 Pro, it belongs to the first of Huawei that launched with 5G capabilities. Not only this, but Huawei Mate 30 series was also the first to equip with Huawei Mobile Service (HMS) instead of Google Mobile Service (GMS).

In terms of software, Huawei Mate 30 Pro initially unveiled factory packed with EMUI 10 based on Android 10 and followed by EMUI 10.1 as well as EMUI 11 software versions. Now, Huawei Mate 30 Pro owner it’s time to enjoy EMUI 12 software version and its brand new features.

Advertisement

Huawei Mate 30 Pro EMUI 12

The EMUI 12 comes with a new user interface design that applies the concept of neuromorphic to UI elements, flexible fonts, smart folders for easier access, a notification panel, and a control panel for a better user experience.

In addition, it has a cooperative authentication function between smartphones and laptops, brings support to multi-device file management as well as improves the file transfer speed via Huawei Share and more.

So, Huawei Mate 30 Pro smartphone owners have you received a stable EMUI 12 software update? Please, let us know your answer via the Twitter poll linked below and also leave your thoughts in the comment section.

Continue Reading

EMUI

Huawei EMUI January 2022 Updates List

Published

on

EMUI January 2022 updates

We’re officially in a new year and Huawei is about to release the latest January 2022 EMUI security patch details for its devices that protect them against threats and vulnerabilities. Throughout January 2022, Huawei will deliver several EMUI software updates.

New software update always arrives with numerous changes made to the system including optimizations, security improvements, feature addition, and more. The regular EMUI update rollout enhances the overall device performance and provides better security to the device.

Aside from this, the Chinese tech maker has also started EMUI 12 beta in the global market. This new version of EMUI is launched with brand new UI, latest features, and improvements that provide a next-level user experience similar to HarmonyOS.

Currently, the EMUI 12 beta testing is started for flagships smartphones belonging to P40, Mate 40, and Mate 30 series. However, the company has also begun the rollout of the EMUI 12 beta update for the registered beta testers.

Advertisement

However, a major update doesn’t affect the regular software update release of Huawei devices. So, in this update archive, you will get all insights of all types of EMUI updates released in the month of January 2022 for Huawei devices.

EMUI January 2022 updates

Huawei EMUI January 2022 Updates:

January 13, 2022:

  • Wow, Huawei Enjoy 9 with EMUI 8.2 getting July 2021 update [4 year old] that comes with EMUI 8.2 version 8.2.0.207/209. Read more

January 11, 2022:

  • Huawei P40 Lite E December 2021 update arrives with an upgraded EMUI version 10.1.0.224 (C432E2R1P1). Read more
  • Huawei has kicked off a new EMUI software update for the Huawei Nova 8i smartphone that prioritizes the installation of the November 2021 security patch. Read more

January 10, 2022:

  • Huawei is sending a new EMUI software update for Huawei P Smart 2021 smartphone that mainly installs December 2021 security patch. Read more
  • Huawei has kicked off a new EMUI software update for Huawei P30 Lite New Edition that EMUI version 10.1.0.388 with a software package size of 258MB. Read more

January 7, 2022:

  • Huawei P40 lite is receiving December 2021 security update with EMUI version 10.1.0.338 and update OTA package size of 258 megabytes. This software update improves the overall quality of the device and enhances its security.
  • Huawei Watch GT 2 is receiving major software update that brings new features for the consumers in the UK.

January 3, 2022:

  • Huawei MatePad T8 smartphone running on EMUI 10.1 is receiving December 2021 security update for improved system security. Read more
Continue Reading