Connect with us

EMUI

These 49 EMUI security issues fixed with July 2021 update

Published

on

July 2021 privacy issue

Huawei has just published the latest July 2021 security patch and reveals 49 new EMUI security issues that were fixed with this new security patch.

The fixed EMUI security issues will prevent Common Vulnerabilities and Exposures or CVE from harming user data or blocking any unverified access to the device.

To be mentioned, Huawei’s current days are very hectic because HarmonyOS 2.0 rollout is going on in China and also in preparation for the next flagship global product launch conference, which will be held on July 29. This caused Huawei to polish a late security bulletin.

But, Huawei has made full efforts in finding the EMUI security issues and resolve them with the July 2021 security patch.

Advertisement

July EMUI security patch details:

Huawei has fixes 21 high, and 28 medium levels of CVE as well as 49 hidden EMUI security issues for EMUI and Magic UI devices. Check the solved CVE details, severity, impact, and more detailed below.

Huawei security

Below you can check all of the EMUI security issues mentioned in the July 2021 patch:

CVE 1:

  • CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 2:

  • CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE 3:

  • CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE 4:

  • CVE-2021-36996: Improper verification vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE 5:

  • CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 6:

  • CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE 7:

  • CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE 8:

  • CVE-2021-36993: Memory leaks in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 9:

  • CVE-2021-36992: Public key verification vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 10:

  • CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE 11:

  • CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 12:

  • CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 13:

  • CVE-2021-36988: Parameter verification issues in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 14:

  • CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 15:

  • CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 16:

  • CVE-2021-36985: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE 17:

  • CVE-2021-22491: Input verification vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 18:

  • CVE-2021-22490: Permission verification vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE 19:

  • CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 20:

  • CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 21:

  • CVE-2021-22486: Unstandardized field names in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 22:

  • CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 23:

  • CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause DoS.

CVE 24:

  • CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

CVE 25:

  • CVE-2021-36998: Improper verification vulnerability in some devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE 26:

  • CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE 27:

  • CVE-2021-22473: Authentication vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 28:

  • CVE-2021-22472: Improper verification vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 29:

  • CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 30:

  • CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 31:

  • CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE 32:

  • CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 33:

  • CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 34:

  • CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 35:

  • CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 36:

  • CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 37:

  • CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE 38:

  • CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 39:

  • CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE 40:

  • CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 41:

  • CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE 42:

  • CVE-2021-22405: Configuration defects in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 43:

  • CVE-2021-22404: Directory traversal vulnerability in Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 44:

  • CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE 45:

  • CVE-2021-22402: DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE 46:

  • CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 47:

  • CVE-2021-22395: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 48:

  • CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE 49:

  • CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Amy is our firmware and software specialist, she keeps her eagle eyes open for new software rollouts, beta programs, and other software related activities as well as new smartphone launch.

EMUI

Huawei P20 global users gets July 2021 security update

Published

on

Huawei P20 Update

Huawei is releasing a new software update for the global consumers of the P20 device. This latest software rollout brings July 2021 security patch and comes with EMUI 10 version 10.0.0.192. The July 2021 Huawei P20 security update is currently rolling out in Europe and may expand to more models soon. (via Huaweiblog)

Huawei P20 and P20 Pro are eligible to receive HarmonyOS 2.0 operating system upgrades in China. However, Huawei has not confirmed any such treatment for global users.

Coming back to this software update, the latest Huawei P20 series update is available to download via the following instructions. Visit, Settings > System & updates > Software update > CHECK FOR UPDATES. If an update is available for your model, click on “download and install” and the update package will be download.

However, there are a few things that you need to keep in mind while upgrading to the latest Huawei P20 July 2021 update. First, backup your important data, so you won’t lose any of it. Although, the upgrade procedure won’t erase your date but it’s recommended.

Advertisement

Maintain enough storage on your device to store the update package, and keep the phone charged sufficiently, so it won’t run out of power during the installation procedure.

Huawei P20 July 2021 update

(image source – Huaweiblog)

Huawei P20:

Launched in 2018, Huawei P20 and P20 Pro sports new AI-powered photography features. The Pro model is the first smartphone in the world to come with a triple camera system. In terms of software, Huawei P20 and P20 Pro come with EMUI 8.1 and after a number of major upgrades, the software version reached EMUI 10 (Android 10).

 

Advertisement

The latest rollout for the Huawei P20 lineup shows that the company still wants to keep the device study and provide better security as well as stable performance. Furthermore, this may be a step towards the global HarmonyOS opening? However, we’ll have to wait for more confirmation regarding this matter.

Until then, we’ll keep you posted.

Continue Reading

EMUI

Huawei EMUI September 2021 Updates List

Published

on

EMUI september 2021 updates

This month, Huawei released September 2021 EMUI security updates details ahead of time and continues to expand previously released patches. Currently, the rollout of June and July updates are on the move.

Last month, Huawei also revealed its new EMUI version – EMUI 12, but this new software remains under massive confusion or the global Huawei device owners. The EMUI 12 replicates the same feel of the HarmonyOS 2.0 user interface but clarification on its base software is still unsolved.

On the other hand, the Chinese tech maker is rapidly increasing the number of HarmonyOS powered devices, just recently, the company has crossed 90 million HarmonyOS installations in China alone.

This is quite an achievement, yet, it would be interesting if Huawei gives the same treatment for its global device owners that could further lead this number to new heights.

Advertisement

Amid these discussions, the wagon of regular EMUI software and security patches continues. Therefore, the Chinese phone maker keeps sending new upgrades to the Huawei phone users to improve their models.

With Huawei EMUI September 2021 Updates list, we will keep full track of all the security and feature-packed updates rolling out for Huawei devices in September 2021 and brief you about them.

EMUI September 2021 updates

Note: This list of devices will be regularly updated

Huawei EMUI September 2021 updates:

September 20, 2021:

Advertisement
  • Huawei Nova 5T getting September 2021 update rolling out after Huawei skips the August 2021 patch for this smartphone.
  • Huawei Watch GT 2 smartwatch getting new features additions with the first beta rollout. Read more about this news here.

September 19, 2021:

  • Huawei MediaPad M5 tablet was released in 2018 and now this device is getting new apps as well as feature enhancements in the global market.
  • Huawei Y9 2019 receiving new software update with new apps and security updates.
  • Honor 9X Pro and Honor 10 Lite getting new software updates in the global market that installs June and July 2021 software updates.

September 17, 2021:

  • New apps and features were released for the Huawei Nova 3i smartphone.

September 16, 2021:

  • Following the so-called patch rollout, the P30 Lite is also receiving the July 2021 security patch with the latest rollout.

September 15, 2021:

  • Huawei Watch GT 2 and Watch GT 2e grabbing a new software update in the global markets that brings new feature improvements for better performance.

September 14, 2021:

  • Huawei Mate 20 Pro with EMUI 11 getting July 2021 security patch.

September 12, 2021:

  • New Firmware optimizations rolling out for the Huawei Watch GT 2 with September 2021 firmware update.

September 11, 2021:

  • Huawei FreeBuds Pro getting Super Device support in China.

September 10, 2021:

  • July 2021 security update is now rolling out for the Huawei Mate 10 Pro in the global market.

September 8, 2021:

  • Huawei P40 Lite 5G getting July 2021 security patch.

September 7, 2021:

  • Huawei P40 Lite getting July 2021 security patch for improved system security.

September 6, 2021:

  • Huawei Nova 3 gets a new update with a number of new apps and a May 2021 security patch, that improves system security and provides a new user experience.

September 3, 2021:

  • Huawei Band 6 Pro getting new optimizations for better performance.

September 2, 2021:

  • Huawei FreeLace Pro wireless neckband earphones receiving new Bluetooth optimizations.

September 1, 2021:

  • Huawei P30 Lite New Edition is receiving July 2021 security update for improved system security.
  • Honor 20 Youth Edition gets the first September 2021 security update.
Continue Reading

EMUI

Huawei Nova 5T September 2021 update rolling out, skips August patch

Published

on

Huawei Nova 5T

The 48MP AI quad rear camera phone – Huawei Nova 5T is receiving the September 2021 security update. This new rollout also makes the skip of the August security patch and it’s a really important step toward the phone’s security perspective by keeping it update to date.

According to Huaweiblog, the Huawei Nova 5T September 2021 security update comes with EMUI 11 version 11.0.0.177 and a software package size of 174 megabytes. This software rollout is currently noted inside Germany (Europe) but may soon expand for more users.

This treatment is significant because it wasn’t even delivered to the flagship phones – Huawei P40 and Mate 40 series. However, the Chinese models with HarmonyOS 2.0 already completed such installation.

The latest Nova 5T EMUI 11 incremental update comes with several fixes for the security flaws in the system and allows users to safely keep all of the device’s data.

Advertisement

Huawei Nova 5T September 2021 update

(image source – Huaweiblog.de)

Nova 5T EMUI 12:

With these fast rollouts and releases, Huawei seemingly preparing the Nova 5T for the next major software update but there’s no official confirmation available on this matter at the moment.

Huawei Nova 5T:

This phone comes with a powerful hardware configuration that includes Kirin 980 processor, quad AI rear camera, a 32MP selfie camera, and more.

Huawei Nova 5T

How to download the Nova 5T:

You can download the latest Huawei Nova 5T update via Settings. To do this, open system settings, visit System & updates, thereafter, the users will have to push “Check for updates” followed by the corresponding update check. If an update is available, you can click “Download and Install”.

Advertisement

However, you must remember to keep a backup of your data to prevent the loss of important files on your device. Furthermore, keep an adequate level of battery backup on your phone to prevent battery outage during the installation. Once started, it may take some time to process the update and install it on the device.

Continue Reading
error: