News

Huawei released January 2021 EMUI/MagicUI security patch details

Posted on

Huawei has concluded the beta program of EMUI 11/Magic UI 4 and released the stable version of EMUI 11 for Huawei P40 series, Mate 30 series, MatePad Pro series, Nova 7 series, Nova 6 series, MatePad 10.8, Mate Xs, P30, P30 Pro. While the Magic UI 4 is also released for Honor devices including the Honor 30 and V30 series in China as of now.

Despite the major upgrades, the company also releases security patches for its devices on a monthly and quarterly basis. And now as per the latest information, the company has released the details of its latest January 2021 security patch that will be soon available for the Huawei and Honor phones.

The security update for Huawei devices includes CVE (Common Vulnerabilities and Exposure) which are announced in January 2021 Android security bulletin.

Join Huawei on Telegram

The January 2021 patch from Huawei includes different levels of exploits and issues within Huawei and Honor devices including 4 Critical, 25 High Level, 1 medium, and 0 low levels of CVEs.

Below are the CVE announced in January 2021 EMUI security update Android security bulletin:

Critical: CVE-2020-11225,CVE-2021-0313,CVE-2021-0316,CVE-2019-17666

High: CVE-2020-11217,CVE-2020-11167,CVE-2020-0466,CVE-2020-11146,CVE-2020-0465,CVE-2020-0444,CVE-2019-9376,CVE-2021-0309,CVE-2021-0315,CVE-2021-0319,CVE-2021-0311,CVE-2021-0312,CVE-2021-0306,CVE-2021-0307,CVE-2021-0317,CVE-2021-0322,CVE-2021-0304,CVE-2016-6328,CVE-2021-0318,CVE-2021-0320,CVE-2021-0308,CVE-2020-0471,CVE-2020-9158,CVE-2018-20856,CVE-2019-15214

Medium: CVE-2020-15999

Low: none

Already included in previous updates: CVE-2019-10628,CVE-2019-13994,CVE-2019-13995,CVE-2019-14074,CVE-2020-11133,CVE-2020-11135,CVE-2020-3620,CVE-2020-3621,CVE-2020-3622,CVE-2020-3634,CVE-2019-10527,CVE-2018-11970, CVE-2020-3657,CVE-2020-3670,CVE-2020-3673,CVE-2020-3654,CVE-2020-3703,CVE-2020-11157

This security update includes the following Huawei patches:

  • CVE-2020-9158: DoS Vulnerability of Huawei Share Application in Some Huawei Smartphones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability will cause Huawei Share application exceptions.

 

  • CVE-2020-9149:App trust list verification vulnerability in telephony apps

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Apps with specific package names can bypass the verification to delete or insert SMS messages.

  • CVE-2020-9148: SMS security bypass vulnerability in telephony apps

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Attackers can exploit this vulnerability to bypass the mechanism that prevents unspecified apps from writing SMS messages and delete SMS messages in private space.

  • CVE-2020-9147: Buffer overflow vulnerability

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may result in a buffer overflow.

  • CVE-2020-9146: Memory leak vulnerability

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability could cause a denial of service attack by a near-end device.

Must Read

Exit mobile version