EMUI
November 2022 EMUI security patch fixes these 20 privacy issues
Huawei keeps on rolling monthly security patches to enhance its devices. Similarly, the November 2022 EMUI security patch fixes 20 privacy issues and makes your phones more efficient.
Following the tradition, the company has released the November 2022 EMUI patch with a big bundle of fixes for the terrible issues. In detail, the package marks an end to 1 critical, 8 high, and 14 medium levels of CVEs.
On the other hand, the latest security patch also includes fixes for 20 additional security troubles. For your information, these bugs can cause major problems in terms of data privacy.
Consequently, these fixes are related to memory management, kernel module, display services, and more. Besides, the company has also optimized some errors in the lock screen module and the Bluetooth functions. As a result, you will notice better stability in the respective fields.
Thus, by eliminating every harmful defect in your device, the November 2022 EMUI security patch improves data security and privacy aspects.
Further, these fixes will occur for EMUI 12 as well as EMUI 11 versions. Hence, if you are holding any of the builds on your handsets then you must install this update. To get a more detailed view of these issues, you can check the below-given section.
November 2022 security update fixed the following EMUI issues:
CVE 1
- CVE-2021-46851: Vulnerability of unstrict verification of the memory’s security attribute in the DRM module
- Risk Level: High
- Affected versions: EMUI12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability by attackers may cause the video playback to be abnormal.
CVE 2
- CVE-2021-46852: Logic bypass vulnerability in the memory management module
- Risk Level: Medium
- Affected Versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality
CVE 3
- CVE-2022-44546: Vulnerability that the kernel module automatically frees the memory but does not clear the mapping
- Risk Level: High
- Affected Versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the system to restart
CVE 4
- CVE-2022-44547: UAF vulnerability in the Display Service module
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause Display Service to reset and restart.
CVE 5
- CVE-2022-44548: Vulnerability of unstrict permission verification during Bluetooth pairing
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the dialog box to confirm the pairing not to be displayed during Bluetooth pairing.
CVE 6
- CVE-2022-44549: Geofencing API access vulnerability in the LBS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause third-party apps to access the geofencing API without authorization, affecting user confidentiality.
CVE 7
- CVE-2022-44550: UAF vulnerability when traversing layers in the graphics display module.
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 8
- CVE-2022-44551: Thread security vulnerability in the iaware module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE 9
- CVE-2022-44552: Vulnerability of defects being introduced in the design process in the lock screen module
- Risk Level: Medium
- Affected versions: EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 10
- CVE-2022-44553: Vulnerability of not filtering third-party apps out while the HiView module traverses to invoke the system provider
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause third-party apps to be activated periodically.
CVE 11
- CVE-2022-44554: Unstrict permission verification vulnerability in the power module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the status of a module to be abnormal.
CVE 12
- CVE-2022-44555: Service hijacking vulnerability in the DDMP/ODMF module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause service unavailability.
CVE 13
- CVE-2022-44556: Missing parameter type validation in the DRM module
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 14
- CVE-2022-44557: Vulnerability of obtaining the read and write permissions on arbitrary system files in the SmartTrimProcessEvent module
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality.
CVE 15
- CVE-2022-44558: Mismatch between serialization as well as deserialization in the AMS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 16
- CVE-2022-44559: Mismatch between serialization as well as deserialization in the AMS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 17
- CVE-2022-44560: Intent redirection vulnerability in the launcher module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause launcher module data to be modified.
CVE 18
- CVE-2022-44561: Permission verification vulnerability in the preset launcher module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability allows unauthorized apps to add arbitrary widgets as well as shortcuts without interaction.
CVE 19
- CVE-2022-44562: Mismatch between serialization as well as deserialization at the system framework layer
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 20
- CVE-2022-44563: Race condition vulnerability in SD upgrade mode
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality.
Huawei has released the January 2023 software update for the Huawei Nova Y90 and Y70 smartphones in the global market, and this firmware clearly improves these phones’ security aspects for a better user experience.
Both Huawei Nova Y90 and Y70 runs EMUI 12 out of the box but it would be interesting if the company could have sent EMUI 13 instead of the security patch. Speaking of which, no one knows, when Huawei will rollout EMUI 13 for global users for the time being.
Coming back to the rollout, January 2023 security update for Huawei Nova Y90 and Nova Y70 comes with EMUI version 12.0.1.177 and EMUI 12.0.1.202. This update is suggested to install on all of the devices sold marketed outside of China and will appear in batches.
We suggest the corresponding users look into the settings > then open System & updates, followed by a Software update, and then tap on CHECK FOR UPDATES. You can download the latest firmware also from the My Huawei app.
You should know that the update won’t erase your personal data but it is suggested for you back up any important data before updating the device. On the other hand, the package will be deleted automatically once the installation succeeds.
Thanks to the tipster for this amazing information, Masterpiece.
(via)
Huawei has released February 2023 EMUI security patch details that will fetch better safety for smartphones running EMUI 12.0.1, EMUI 12.0, and EMUI 11 in the global market.
In the meantime, Huawei keeps on sending security patches, optimizations, and other important performance upgrades over the OTA method directly to the devices.
Meanwhile, Huawei has not released the February 2023 EMUI security patch update for smartphones but it may soon be delivered to the corresponding eligible models.
Why it’s important?
Security patches are important and Huawei releases such upgrades for smartphones to implement high safety measures to guard the data and fight vulnerabilities. Such updates roll out monthly and quarterly sessions.
What fixed:
Huawei has fixed 2 issues in critical condition, 14 of them fixed in high mode, medium and low level of vulnerabilities are not recorded this time. While there are 23 common vulnerability exposures patched from the last firmware version.
Specifically, it fixes an unauthorized access vulnerability (CVE-2022-48286) in the multi-screen collaboration module, which could have affected the confidentiality of the files that you are sharing over the air.
There are two medium-level vulnerabilities fixed for Bluetooth modules, which could exploit user data. CVE-2022-48295 addresses the fix of authentification of the IHwAntiMalPlugin API, which could let malware attack your Huawei device.
Next comes the Huawei fix for permission management vulnerability in the SystemUI module, which may cause users to receive misleading broadcasts from malicious apps for storage exploitations.
Below you can check all of the CVE counts and codes mentioned in the February 2023 security bulletin.
Critical:
- CVE-2022-22088, CVE-2022-41674
High:
- CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635
Already included in previous updates:
- CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793
February 2023 security patch may take some time to toss over the devices and we’ll keep you posted.
Huawei is expanding the January 2023 security patch for Nova 7 global version that improves the phone’s capability against potential threats. According to the information, Huawei Nova 7 January 2023 EMUI update comes with version 12.0.0.244 and 233 megabytes. This update is rolling out in batches began to rollout early last month.
You can check for the update via Settings or via the My Huawei app. Below you can see the update changelog:
This update improves system security with security patches.
Security:
- Integrates security patches released in January 2023 for improved system security.
Update notes:
- This update will not erase your personal data but we recommend that you back up only important data before updating.
- If you encounter any issues during the update contact the Huawei customer service hotline.
- The update package will be deleted automatically after the update is complete.
Thanks to the tipster – Mohammed for this amazing update.
