Huawei has concluded the beta program of EMUI 11/Magic UI 4 and released the stable version of EMUI 11 for Huawei P40 series, Mate 30 series, MatePad Pro series, Nova 7 series, Nova 6 series, MatePad 10.8, Mate Xs, P30, P30 Pro. While the Magic UI 4 is also released for Honor devices including the Honor 30 and V30 series in China as of now.
Despite the major upgrades, the company also releases security patches for its devices on a monthly and quarterly basis. And now as per the latest information, the company has released the details of its latest January 2021 security patch that will be soon available for the Huawei and Honor phones.
The security update for Huawei devices includes CVE (Common Vulnerabilities and Exposure) which are announced in January 2021 Android security bulletin.
Join Huawei on Telegram
The January 2021 patch from Huawei includes different levels of exploits and issues within Huawei and Honor devices including 4 Critical, 25 High Level, 1 medium, and 0 low levels of CVEs.
Below are the CVE announced in January 2021 EMUI security update Android security bulletin:
Critical: CVE-2020-11225,CVE-2021-0313,CVE-2021-0316,CVE-2019-17666
High: CVE-2020-11217,CVE-2020-11167,CVE-2020-0466,CVE-2020-11146,CVE-2020-0465,CVE-2020-0444,CVE-2019-9376,CVE-2021-0309,CVE-2021-0315,CVE-2021-0319,CVE-2021-0311,CVE-2021-0312,CVE-2021-0306,CVE-2021-0307,CVE-2021-0317,CVE-2021-0322,CVE-2021-0304,CVE-2016-6328,CVE-2021-0318,CVE-2021-0320,CVE-2021-0308,CVE-2020-0471,CVE-2020-9158,CVE-2018-20856,CVE-2019-15214
Medium: CVE-2020-15999
Low: none
Already included in previous updates: CVE-2019-10628,CVE-2019-13994,CVE-2019-13995,CVE-2019-14074,CVE-2020-11133,CVE-2020-11135,CVE-2020-3620,CVE-2020-3621,CVE-2020-3622,CVE-2020-3634,CVE-2019-10527,CVE-2018-11970, CVE-2020-3657,CVE-2020-3670,CVE-2020-3673,CVE-2020-3654,CVE-2020-3703,CVE-2020-11157
This security update includes the following Huawei patches:
- CVE-2020-9158: DoS Vulnerability of Huawei Share Application in Some Huawei Smartphones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability will cause Huawei Share application exceptions.
- CVE-2020-9149:App trust list verification vulnerability in telephony apps
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Apps with specific package names can bypass the verification to delete or insert SMS messages.
- CVE-2020-9148: SMS security bypass vulnerability in telephony apps
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Attackers can exploit this vulnerability to bypass the mechanism that prevents unspecified apps from writing SMS messages and delete SMS messages in private space.
- CVE-2020-9147: Buffer overflow vulnerability
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may result in a buffer overflow.
- CVE-2020-9146: Memory leak vulnerability
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability could cause a denial of service attack by a near-end device.
