EMUI

These 13 privacy issues on EMUI software system solved with May 2021 security improvements

Published

on

Huawei never wants to disappoint its users in any situation and conditions as well as tries to do its best in taking care of Huawei devices and delivers regular software updates to ehanace the overall performance and system security.

Alongside the hectic schedule, Huawei has recently released the latest May 2021 security patch details, which fixes several new bugs and vulnerabilities found in the latest software build and provides better system security.

May 2021 security patch details: This security update fixes 3 critical, 10 high, and 4 medium levels of CVE for improved system security.

Moreover, Huawei also tries to find the hidden privacy issue that enters the device with previous updates, which are very dangerous for users. Now, the question arrives in the user’s mind that How can they harm your device?

They create a way for hackers to easily enter your device and increase the possibility of stealing and leakage of your personal and private data, which is very risky.

With this security patch, the company has found and resolved 13 privacy issues for user’s safety. Check the solved CVE details, danger level, impact, and more detailed below:

CVE 1:

CVE-2021-22348: UAF security vulnerability in some Huawei phones

Danger level: High

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause code to execute.

CVE 2:

CVE-2021-22343: Logic bypass vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 3:

CVE-2021-22351: DoS vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.

CVE 4:

CVE-2021-22350: UAF security vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0,Magic UI 3.1.1, Magic UI 3.1.0

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause the device to crash and restart.

CVE 5:

CVE-2021-22349: DoS vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of insufficient input verification may cause the system to restart.

CVE 6:

CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact of this CVE on the device: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE 7:

CVE-2021-22347: DoS vulnerability in some Huawei phones

Danger level: Low

EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause temporary DoS.

CVE 8:

CVE-2021-22346: Improper permission management vulnerability in some Huawei phones

Danger level: High

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may lead to the disclosure of user habits.

CVE 9:

CVE-2021-22345: Improper verification vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause out-of-bounds memory write.

CVE 10:

CVE-2021-22344: DoS vulnerability in some Huawei phones

Danger level: Low

EMUI/Magic UI affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause temporary DoS.

CVE 11:

CVE-2021-22353: UAF security vulnerability in some Huawei phones

Danger level: Low

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause the kernel to restart.

CVE 12:

CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones

Danger level: Low

EMUI/Magic UI affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE 13:

CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some Huawei phones

Danger level: Medium

EMUI/Magic UI affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact of this CVE on the device: Successful exploitation of this vulnerability may cause app redirections.

Copyright © 2022 Huaweicentral.com