Harmony OS 2

Huawei released EMUI September 2021 security patch details

EMUI September 2021 Security Patch Details

In June 2021, Huawei launched the HarmonyOS 2.0 operating system for smartphones. Following the launch, there are many smartphones and other devices that are getting HarmonyOS updates in the form of beta and stable. The company’s goal is to cover 100 devices soon.

Apart from the HarmonyOS, the company has also upgraded its device security patches. Now, Huawei has officially released the September 2021 EMUI and Magic UI security patch details, the security update includes the CVE (Common Vulnerabilities and Exposures). This security update includes the CVE announced in the September 2021 security bulletin. It includes 2 Critical, and 18 High levels of CVE’s.

According to the track record, the Common Vulnerabilities and Exposures (CVE) system tracks publicly known security vulnerabilities and exposures in publicly released software packages.

EMUI September 2021 Details

This security update includes the CVE announced in the Android security bulletin.

Critical: CVE-2021-1976, CVE-2021-1972

High: CVE-2021-0591, CVE-2021-0593, CVE-2021-0640, CVE-2021-0641, CVE-2021-0642, CVE-2021-0646, CVE-2021-0584, CVE-2021-1939, CVE-2021-1947, CVE-2020-14381, CVE-2021-1904, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582

Medium: none

Low: none

Already included in previous updates: CVE-2019-9239, CVE-2019-9238, CVE-2019-9309, CVE-2021-0592

This security update includes the following HUAWEI patches:

CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22325: Video streaming vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may result in video streams being intercepted during wired projections.

CVE-2021-22486: Unstandardized field names in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22436: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-33909: Privilege escalation vulnerability in the file system components of some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22372: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22343: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause app redirections.

CVE-2021-37009: Multi-user settings vulnerability in the system components of some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37027: DoS vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22322: Logic bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Related:

Join_Huawei_Update_Telegram_Channel



Comments

Most Popular

To Top