These 5 dangerous issues on EMUI 11, 10.1, 10.0 got fixed with January 2021 security patch

Recently, Huawei released the latest January 2021 security patch details for Huawei devices, which fixes different levels of exploits and issues to provide better system security.

The January 2021 security patch fixes common vulnerabilities and exposures (CVE) including 4 critical, 25 high, and 1 medium level for improved system security.

For further security improvements, Huawei releases the regular software update for its devices that includes new features and security patches. But sometimes these updates bring some hidden issues along with improvements that give the opportunity or increase the possibility for hackers to make a gateway to enter the applications, which can be very risky and harmful for the users.

With the January 2021 security patch, Huawei has fixes some major issues found on the different versions of EMUI and Magic UI software systems and can severely harm Huawei and Honor smartphones.

Check the details are mentioned below:

CVE 1:

CVE version detail: Huawei Share denial of service vulnerability exists in some product

Risk level: low

EMUI/Magic UI version effected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0 , Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on devices: Successful exploitation of this vulnerability will cause Huawei Share to function abnormally

CVE 2:

CVE version detail: Vulnerability of telephony application authorization whitelist verification error

Risk level: high

EMUI/Magic UI version effected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact of this CVE on devices: A specific package name application can bypass the verification and directly delete and insert user text messages.

CVE 3:

CVE version detail: The telephony application has a vulnerability that bypasses the mechanism to delete user text messages

Risk level: high

EMUI/Magic UI version effected:  EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.

Impact of this CVE on devices:  An attacker can use this vulnerability to bypass the mechanism of ordinary applications that do not allow text messages to be written, and directly delete text messages in the user’s private space.

CVE 4:

CVE version detail: Some products have a vulnerability to buffer overflow risk

Risk level: Medium

EMUI/Magic UI version effected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact of this CVE on devices: Successful exploitation of this vulnerability may lead to a buffer overflow.

CVE 5:

CVE version detail: Some products have memory leaks

Risk level: Medium

EMUI/Magic UI version effected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact of this CVE on devices: Successful exploitation of this vulnerability may lead to a near-end DOS attack.