Connect with us

EMUI

These 49 EMUI security issues fixed with July 2021 update

Published

on

July 2021 privacy issue

Huawei has just published the latest July 2021 security patch and reveals 49 new EMUI security issues that were fixed with this new security patch.

The fixed EMUI security issues will prevent Common Vulnerabilities and Exposures or CVE from harming user data or blocking any unverified access to the device.

To be mentioned, Huawei’s current days are very hectic because HarmonyOS 2.0 rollout is going on in China and also in preparation for the next flagship global product launch conference, which will be held on July 29. This caused Huawei to polish a late security bulletin.

But, Huawei has made full efforts in finding the EMUI security issues and resolve them with the July 2021 security patch.

Advertisement

July EMUI security patch details:

Huawei has fixes 21 high, and 28 medium levels of CVE as well as 49 hidden EMUI security issues for EMUI and Magic UI devices. Check the solved CVE details, severity, impact, and more detailed below.

Huawei security

Below you can check all of the EMUI security issues mentioned in the July 2021 patch:

CVE 1:

  • CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 2:

  • CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE 3:

  • CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE 4:

  • CVE-2021-36996: Improper verification vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE 5:

  • CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 6:

  • CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE 7:

  • CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE 8:

  • CVE-2021-36993: Memory leaks in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 9:

  • CVE-2021-36992: Public key verification vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 10:

  • CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE 11:

  • CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 12:

  • CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 13:

  • CVE-2021-36988: Parameter verification issues in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 14:

  • CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 15:

  • CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 16:

  • CVE-2021-36985: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE 17:

  • CVE-2021-22491: Input verification vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 18:

  • CVE-2021-22490: Permission verification vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE 19:

  • CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 20:

  • CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 21:

  • CVE-2021-22486: Unstandardized field names in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 22:

  • CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 23:

  • CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause DoS.

CVE 24:

  • CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

CVE 25:

  • CVE-2021-36998: Improper verification vulnerability in some devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE 26:

  • CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE 27:

  • CVE-2021-22473: Authentication vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 28:

  • CVE-2021-22472: Improper verification vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 29:

  • CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 30:

  • CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 31:

  • CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE 32:

  • CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 33:

  • CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 34:

  • CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 35:

  • CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 36:

  • CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 37:

  • CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE 38:

  • CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 39:

  • CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE 40:

  • CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 41:

  • CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE 42:

  • CVE-2021-22405: Configuration defects in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 43:

  • CVE-2021-22404: Directory traversal vulnerability in Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 44:

  • CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE 45:

  • CVE-2021-22402: DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE 46:

  • CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 47:

  • CVE-2021-22395: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 48:

  • CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE 49:

  • CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Amy is our firmware and software specialist, she keeps her eagle eyes open for new software rollouts, beta programs, and other software related activities as well as new smartphone launch.

EMUI

EMUI 12 Rollout Schedule for Russia and Central Asia

Published

on

EMUI 12 schedule Russia

Since January 2022, Huawei has started the rollout of stable EMUI 12 software updates in the global market. EMUI 12 comes with a brand new user interface, which is much better than EMUI 11. It also comes with new features and improvements to provide a next-level experience somehow similar to HarmonyOS.

Global Huawei consumers seem excited to install the latest EMUI 12 software system. The major Huawei, device market includes Europe, the Middle East, Russia, and more. Speaking about Russian Market has also a prominent smartphone with a large number of shipped units.

So, Huawei users are you belong to Russia and Central Asia? Yes! do you know about your device’s EMUI 12 rollout status and related information? Early this month, Huawei released an EMUI 12 rollout schedule for eligible devices worldwide.

The official schedule also contains information about EMUI 12 rollout for the Huawei devices available in Russia along with their current status. You can check the full roadmap below.

Advertisement

EMUI 12 schedule Russia

Updated on June 27, 2022:

EMUI 12 rollout schedule for Russia and Central Asia

  • Huawei P40 Pro+: Completed (End of February 2022)
  • Huawei Mate Xs: Completed (End of February 2022)
  • Huawei Mate 30 Pro: Completed (End of February 2022)
  • Huawei P40 Pro: Completed (Middle of February 2022)
  • Huawei P40: Completed (End of February 2022)
  • Huawei P40 Lite: Completed (Early March 2022)
  • Huawei Mate 20: Completed ( Middle of May 2022)
  • Huawei Mate 20 Pro: Completed (Early April 2022)
  • Huawei Mate 20 RS Porsche Design: Completed (Middle of April 2022)
  • Huawei Nova 5T: Completed (Middle of April 2022)
  • Huawei P30: Pushing in batches (End of March 2022)
  • Huawei P30 Pro:  Pushing in batches (End of March 2022)

If you want to send us Tips, Update Screenshots, or a Message? connect with us here:

  • Screenshots@huaweicentral.com
  • Tips@huaweicentral.com
  • Message us on Twitter
Continue Reading

EMUI

Huawei Enjoy 20 SE (EMUI 10) getting May 2022 security update

Published

on

Huawei Enjoy 20 SE May 2022 update

Launched in 2021, Huawei Enjoy 20 SE smartphone users have started collecting the May 2022 security update. The update installs the latest improvements for system security and stability to enhance the device’s functionality.

It has been a long time since the corresponding device users grabbed the improvement patch. Consequently, the previous version came with April 2022 security patch with several fixes for critical, high, and medium levels of CVEs for the device.

Similarly, the latest May 2022 security update for Huawei Enjoy 20 SE brings new fixes related to the audio functions, voice ID application, and other focal points of the system. Users can identify the update with the build number EMUI 10.1.1.173.

The update is appearing through the OTA medium and will hit the device in some days. In the meantime, users must ensure to keep checking the update section and also the My Huawei app that ultimately allows requesting the newest firmware version.

Advertisement

Huawei Enjoy 20 SE May 2022 update

However, before moving on to the update procedure, users must understand the following instructions:

  • The new update may have a huge package size, thus, users must use a stable Wi-Fi connection to download the software.
  • Users must have the base EMUI version 10.1.1.172 for installing the latest update.
  • Aside, users must verify the storage space beforehand, so that the software can fit in the phone easily.
  • The smartphone must have a battery level of 45 percent for a fruitful installation procedure.
  • Though the update would not harm any data, we suggest taking a backup of the device.

How to check for updates?

Just go to the Settings app of the phone menu. Further, swipe down and select System & Updates > Software Updates. Next, tap on the Check For Updates, and follow the on-screen norms. As you see a suitable update on the screen, select the Download & Install tab.

Full Changelog

  • This update improves system security with security patches
  • May 2022 security patches have been integrated for better system security.
  • Adapting model: Huawei Enjoy 20 SE PPA-AL20

(Source)

Continue Reading

EMUI

Huawei Mate Xs EMUI 12.0.0.252 update is necessary to install

Published

on

Huawei Mate Xs EMUI 12.0.0.252

Huawei has started to rollout an EMUI 12.0.0.252 software update for the global version of Mate Xs 2 foldable phone, the phone users can get this update necessary rot improve the system security and improve the phone’s overall performance.

EMUI 12.0.0.252 software package has a size of 270MB and the update is currently expanding among consumers gradually. To be mentioned, the update has security patches released this month to fix the latest issues in EMUI firmware.

A few months ago, Huawei launched Mate Xs 2 foldable phone for consumers. The phone is available to purchase also in the global market, which is a matter of surprise.

While its Chinese version HarmonyOS 2.0 operating system, the global variant has EMUI 12 pre-installed, which is almost similar to the Chinese counterpart in terms of looks and feel.

Advertisement

Huawei Mate Xs EMUI 12.0.0.252

Unlike the first generation Mate Xs, the Mate Xs 2 is equipped with a new processor Snapdragon 888 4G, featuring octa-core architecture – Octa-core, 1 x Cortex-X1 at 2.84 GHz + 3 x Cortex-A78 at 2.42 GHz + 4 x Cortex-A55 at 1.8 GHz. The phone also brings better graphics performance provided by Adreno 660 GPU.

Similar to the Mate Xs 2 and Huawei P50 Pro, the Chinese tech giant has kept Huawei Mate Xs 2’s camera department filed with new hardware capabilities. It features a 50MP triple rear camera system. While there’s a wide-angle camera ready to take your selfies up from the front.

Update instructions:

Huawei Mate Xs EMUI 12.0.0.252 update is currently rolling in batches and you can download this firmware via Settings > System &  updates and then tap on Software updates. From here you can follow the on-screen instructions to get the software update onboard.

However, before you move on to download this update, make sure you get the update instructions and understand them easily. We suggest you to get a backup of your important files to prevent unwanted deletion and then make sure you’ve sufficient battery backup to keep your phone up and running, while the update installs.

Advertisement

(source – huaweiblog)

Continue Reading