Huawei News
These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch
Huawei has released the July 2021 security patch details, which fixes many issues and bugs to provide better system security. The July 2021 security patch fixes common vulnerabilities and exposures (CVE) including 2 Criticals and 13 High levels of CVE’s.
In the July 2021 security patch, Huawei has fixes some issues found on the EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, and Magic UI 3.1.1.
These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch:
CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVE-2021-36996: Improper verification vulnerability in some Huawei devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.
CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
CVE-2021-36993: Memory leaks in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-36992: Public key verification vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36988: Parameter verification issues in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36985: Code injection vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
CVE-2021-22491: Input verification vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22490: Permission verification vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect the device performance.
CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22486: Unstandardized field names in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause DoS.
CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.
CVE-2021-36998: Improper verification vulnerability in some devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause process exceptions.
CVE-2021-22473: Authentication vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22472: Improper verification vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.
CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.
CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
CVE-2021-22405: Configuration defects in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22404: Directory traversal vulnerability in Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22402: DoS vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause DoS attacks.
CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE-2021-22395: Code injection vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
Huawei is getting ready to release a new super-thin phone called the Mate 70 Air. Some details about this phone have already been leaked online, and now a new picture has appeared showing what it looks like.
What the phone looks like
A promotional poster for the Huawei Mate 70 Air was leaked today. The phone looks similar to other phones in Huawei’s Mate 70 family, but it’s much thinner.
The back of the phone has a round camera area with Huawei’s XMAGE camera logo on it. The edges of the phone appear to be shiny and polished. The back cover has a textured surface, similar to another Huawei model called the Mate 70 Pro+.
What’s inside the phone
There isn’t much information available yet, but the Mate 70 Air might be a mid-priced phone. Early reports said it would have 12GB of memory and either 256GB or 512GB of storage space. However, newer information suggests it will actually have 16GB of memory.
The phone is expected to have a large 6.9-inch screen. It will also have a high-quality main camera.
Other features
Unlike Apple’s iPhone Air, the Huawei Mate 70 Air will have a slot for a physical SIM card. The phone will run on Huawei’s HarmonyOS 5.1 software. It will come in three colors: black, white, and gold.
Huawei is expected to launch this phone in November, around the same time as its Mate 80 series.
Tipster Digital Chat Station has confirmed that the Chinese tech giant Huawei will release new phones called the Mate 80 series in November. These new phones will have better designs, cameras, and speed.
The company is expected to compete with Apple’s new iPhone 17 phones. Huawei will make four different Mate 80 phones: the regular Mate 80, Mate 80 Pro, Mate 80 Pro+, and Mate 80 RS. Each phone will have different cameras. The regular Mate 80 will have a 50-megapixel camera.
The Pro version will have a bigger 50-megapixel camera. The Pro+ and RS models will have even bigger 50-megapixel cameras.
The Pro model might have a flat screen and face recognition. The Pro+ and RS models might have curved screens that bend more.
The best phone, the Mate 80 RS, might have a 6.9-inch screen with special technology.
This screen should be brighter, use less battery power, and last longer than normal phone screens. Huawei might also use strong titanium metal for the frame and special glass on the back. Inside the phones, there will be a new chip called the Kirin 9030. The battery might be bigger than 6000mAh and charge very fast – 100W with a wire and 80W without wires. The phones might work with 5G internet and satellite communication.
The phones will use Huawei’s own software called HarmonyOS. This might work better with other Huawei devices and have more AI features. Some people think these improvements will help Huawei compete better with Apple, especially in battery life, communication, and smart features.
A Chinese company called HiSilicon Semiconductor just changed who’s in charge. The old boss, Xu Zhijun, stepped down from his job as the legal representative and chairman. Now the company’s CEO, Gao Ji, is taking over these roles.
Xu has been working at Huawei since 1993 and still has other important jobs there – he’s a vice chairman and sometimes serves as the rotating chairman. Him leaving this position is probably just Huawei moving people around to different jobs within the company.
HiSilicon is completely owned by Huawei and makes computer chips. This change in leadership might mean Huawei is trying to make things work better.
HiSilicon started in October 2004 when Huawei took its computer chip design team and turned it into its own company. The main office is in Shenzhen, but they also have offices in Beijing, Shanghai, and other cities in China.