EMUI
These issues on EMUI 11 and 12 fixed with October 2022 EMUI security patches
Huawei has brought the October 2022 EMUI security patch details with a big bag of fixes and improvements for the threatening issues. Consequently, users will notice overall enhancement and stability in their devices after installing the new patch.
We are well aware of the fact that Huawei sends regular updates to its devices to maintain their reliability. But, often these updates welcome some hidden issues and defects in the system. As a result, these issues create a gateway for the malware to enter the applications and exploit the entire functioning of the gadget.
Therefore, this makes the user very conscious about installing every new firmware on their device. Hence, apart from the vulnerability description, the company has also shared a huge narration regarding what fixes the new patch will bring to the smart handsets.
As usual, the company has explored various segments of the device and has prepared a fresh improvement package. And the interesting part of this new package is, these fixes apply to the major EMUI 11 and 12 versions.
On the other hand, these spots cover several essential parts of the internal system. For instance, framework, kernel, KEYMASTER, configuration, and more. Thus, by treating and mending every element, this patch increases the security of your device to the next level.
So, if your handy gadget is running on any of the mentioned versions, then you must check which new issues get a full stop with the latest October 2022 EMUI security patch.
October 2022 EMUI security fixes for EMUI 11 and EMUI 12
CVE 1: CVE-2021-40017
- CVE version detail: Vulnerability of not verifying the validity of the key’s format in the HW_KEYMASTER module
- Risk Level: Critical
- Affected Versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause out-of-bounds access
CVE 2: CVE-2021-46839, CVE-2021-46840
- CVE version detail: Lack of length check, and parameter set verification vulnerability in the HW_KEYMASTER module
- Risk Level: Medium
- Affected Versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Attackers can construct malicious data as well as cause out-of-bounds access
CVE 3: CVE-2022-38983
- CVE version detail: UAF vulnerability in the BT Hfp Client module
- Risk Level: High
- Affected Versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause arbitrary code execution
CVE 4: CVE-2022-41576
- CVE version detail: boot.sh script that can be modified by malicious programs in the phone module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability can cause irreversible program implantation on the user’s device.
CVE 5: CVE-2022-41578
- CVE version detail: Out-of-bounds write vulnerability in the mptcp module
- Risk Level: High
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause attack programs to modify program information to implement root privilege escalation attacks.
CVE 6: CVE-2022-41580, CVE-2022-41581
- CVE version details: Vulnerability of not verifying the read content in the HW_KEYMASTER module
- Risk Level: Medium
- Affected Versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Attackers can construct malicious data as well as cause out-of-bounds access
CVE 7: CVE-2022-41582
- CVE version details: Configuration defects in the security module
- Risk Level: High
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability
CVE 8: CVE-2022-41584, CVE-2022-41585
- CVE version details: Out-of-bounds read vulnerability in the kernel module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause memory overwriting
CVE 9: CVE-2022-41586
- CVE version details: Untruncated data vulnerability in the communication framework module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality
CVE 10: CVE-2022-41588
- CVE version details: Service logic exception vulnerability in the home screen module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect the integrity
CVE 11: (CVE-2022-41592, CVE-2022-41593, CVE-2022-41594, CVE-2022-41595, CVE-2022-41597, CVE-2022-41598, CVE-2022-41600, CVE-2022-41601, CVE-2022-41602, CVE-2022-41603)
- CVE version details: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA
- Risk Level: Medium
- Affected versions: EMUI 12.0.0, EMUI 11.0.1
- Impact of these CVEs on devices: Attackers with root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.
EMUI 13 beta kicked off for global users and it’s quite exciting but the roadmap of eligible Huawei devices is still awaited. While there’s no official news available on this matter.
In 2021, Huawei released EMUI 12 roadmap during the Asia pacific launch event but this year, there are no such plans revealed. Instead of the roadmap, Huawei opened the EMUI 13 beta for all Huawei P50, P50 Pro, P50 Pocket, and Mate Xs 2 foldable phones.
Unfortunately, the program is open for the Asia region but more users want to join the beta activity. Especially the European models are waiting for term to dive into the testing pool.
Despite the delay, we hope that the oldest set of devices may also get a slot into this EMUI 13 release program.
In the meantime, if you have a flagship phone, tune into the Beta app. From here open the “Me” section and then search for a new EMUI 13 beta project.
You need to sign up for the beta application and wait for the submission. Once submitted, you will be notified to download the OTA update package.
If the activity is not available on your phone, don’t worry, you will see the project after the beta opens in your country. Yet, we also suggest you keep an eye on the Beta application.
EMUI 13 Features:
EMUI 13 focuses on reinventing EMUI 12, this includes better security and privacy. This new software can review all of the data safety measures thanks to the new privacy center.
It has new options to allow or revoke permission, check the timeline for all of the user permission, and so on. You can also set new image privacy to hide the image meta information.
EMUI 13 also plays well around the user interface and there are many improvements made to features such as large folders and service widgets.
Huawei is rolling out EMUI 13.0.0.204 for the Huawei Mate 50 Pro smartphone in the global market. This update is packed with lots of new features, optimizations, and improvements for this flagship phone.
According to the information, EMUI 13.0.0.204 for Huawei Mate 50 Pro comes with new network improvements for certain situations. It has improvements in camera quality.
There are also new optimizations made for the audio quality of calls and games. On the flip side, the app has its own improvements for a better user experience.
Furthermore, Huawei has arranged new system stability optimizations that provide a performance boost for your smartphone.
According to the inputs, this upgrade integrates February 2023 security patch for the phone.
This is a big changelog for the Huawei Mate 50 Pro and the company is sending this to improve the phone’s performance in various scenarios. Also, if you have a Mate 50 Pro device, we suggest you get this version right away as soon as it appears.
The Mate 50 Pro is the first phone among all of the Huawei smartphones to get EMUI 13 but actually, it comes pre-installed. Since its launch, old phone users are waiting for a new major upgrade.
Recently, Huawei opened the beta program for a few flagships – P50 Pro, P50 Pocket, and Mate Xs 2 foldable phone. You should know that the latest EMUI 13 beta activity has limited slots and it’s available only for a region.
This new Huawei Mate 50 Pro update was released last week for global consumers and rolling out in batches. If your Mate 50 Pro has not received this firmware, make sure you get it via System settings.
(source – Huaweiblog)
Huawei P40 lite is getting a new software update in Europe, which brings the latest security patches released in the month of February 2023. However, the phone users are also waiting for EMUI 13 roadmap to confirm their eligibility for the next major software update.
Huaweiblog reports that Huawei P40 Lite users are getting the February 2023 security update in Europe with build version 12.0.0.268 and the OTA package size of 254 megabytes.
This is a staged rollout, and all of the P40 Lite users will get it gradually. Below you can check the complete changelog of this software release.
List of Changes
This update improves system security with security patches.
Security:
- Integrates security patches released in February 2023 for improved system security.
For more information on the security of Huawei’s EMUI system updates, visit the Huawei official website.
Notes on the update:
- Your personal data will not be deleted by the update. However, we recommend that you back up important data before updating.
- Charge your phone sufficiently.
- The update package will be automatically deleted after the update is complete.