EMUI
May 2023 EMUI security fixed software threats on EMUI 13/12.0.1/12/11
Huawei continues to dig into the latest software vulnerabilities and these patches roll out for smartphones with monthly security patches. May 2023 is no exception to this action plan and there are various EMUI bugs and security threats that are fixed in this month’s security bulletin for global models.
For your information, we’ll explore May 2023 EMUI security bug and software threat fixes in the following order – Critical, High, and then Medium. So, let’s get started.
Critical:
Huawei has fixed CVE-2021-46881 and CVE-2021-46882 CVE-2021-46883. These were responsible for causing damage to the video framework and making the app unusable. This issue is reported on EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, and EMUI 10.1.0.
Related – May 2023 Huawei EMUI Devices [List]
High:
CVE-2021-46885 and CVE-2021-46886 are also related to the bug found in the video frame and could cause damage to the app’s availability. These two software threats are reported on EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, and EMUI 10.1.0.
CVE-2021-46887 is caused by a lack of length check vulnerability in the HW_KEYMASTER module. It could result in out-of-bounds read. CVE-2022-48480 is found of missing authentication for some received broadcasts in the reminder module. The company has successfully patched this software issue on EMUI 13.0.0, EMUI 12.0.1, and EMUI 12.0.0.
Medium:
CVE-2023-0117 is caused by unstrict app identity verification in the online authentication function of the hwKitAssistant module. This is directed to compromise apps such as MeeTime. Also, its patch is applied on a device with EMUI 13.
There’s a new medium-level Gallery app hijacking bug found and fixed with May 2023 EMUI security patch. With this, attackers can use malicious apps to cause download failure and app crashes. Its patch is also applied for versions EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, and EMUI 11.0.1.
Related – Huawei shares May 2023 EMUI patch details
CVE-2023-31226 is spotted affecting the confidentiality of the smartphone running EMUI 13 and above. However, it’s also patched. Lastly, CVE-2023-31227 appeared with a missing API calling verification in hwPartsDFR. It was used to steal data on EMUI 13 but is now fixed.
Check for update:
These new fixes will start to rollout with the next firmware update and we suggest you keep on checking new updates via settings.