Huawei News
Huawei released June 2022 EMUI patch details
EMUI 12 stable update is almost rolled out for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS/EMUI update for its eligible devices in a regular manner. Apart from the EMUI 12 and HarmonyOS, the June 2022 Huawei EMUI security patch is now live and it fixes 14 High levels, and 4 mediums while there are no low levels of CVEs.
Huawei released June 2022 EMUI patch details:
Critical: none
High: CVE-2021-39670, CVE-2022-20004, CVE-2022-20005, CVE-2022-20011, CVE-2022-20112, CVE-2021-39662, CVE-2022-20114, CVE-2022-22057, CVE-2021-4083, CVE-2022-22068, CVE-2022-20009, CVE-2022-0847, CVE-2022-20008, CVE-2022-22064, CVE-2022-22065
Medium: CVE-2021-39700, CVE-2021-35098, CVE-2021-35084, CVE-2021-35085
Low: none
Already included in previous updates: CVE-2021-25477, CVE-2021-0796, CVE-2021-39765, CVE-2021-39772, CVE-2021-39791, CVE-2021-30351, CVE-2021-30308, CVE-2021-30314, CVE-2021-30309, CVE-2021-30317, CVE-2021-30322, CVE-2021-30326, CVE-2021-30328, CVE-2021-30329, CVE-2021-30331, CVE-2021-30332, CVE-2021-30333
CVE-2021-46812: Device manager vulnerability in the multi-device task center
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can affect integrity.
CVE-2021-46811: Improper permission management vulnerability in the HwSEServiceAPP module
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to the acquisition of CPLC information.
CVE-2021-40021: Out-of-bounds memory write in the eID module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40022: Missing parameter type validation in the weaver module
Severity: Critical
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40014: Information management error vulnerability in the bone voice ID TA
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40006: Security risk of brute force cracking in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-31751: Multi-thread competition for resources in the kernel emcom module
Severity: Critical
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31757: Interface misuse vulnerability in the Settings module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31763: Null pointer and out-of-bounds array vulnerabilities in the kernel module
Severity: High
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31760: Dialog box being displayed when the screen is locked in the carrier-customized USSD service
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2022-31758: Race condition vulnerability in the kernel module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-46814: Out-of-bounds memory read and write vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31753: Vulnerability of using externally-controlled format strings in the voice wakeup module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31754: Logical defects in code implementation in some products
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect the availability of some features.
CVE-2021-46813: Vulnerability of residual files not being deleted after an update in the ChinaDRM module
Severity: Critical
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-46815: Configuration defects in the secure OS module
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31761: Configuration defects in the secure OS module
Severity: High
Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-29793: Configuration defects in the activation lock of the mobile phone
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-31755: Improper preservation of permissions vulnerability in the communications module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31759: Uninitialized pointer access vulnerability in the AppLink
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31762: Input verification vulnerability in the AMS module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-31752: Missing authorization vulnerability in the system components
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31756: Design defects in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
According to the official information, the Huawei released the delisting announcement of its Petal Mail App. The full text of the announcement is as follows: [translated]
Thank you for your continued attention and support to the Huawei Petal Mail App. In order to better adapt to the changing needs of product experience, service content and local markets, we have made strategic adjustments to the Huawei Petal Mail App.
The Petal Mail App will officially switch to the Email App on December 31, 2024, and the Petal Mail App will no longer be available for download from the App Store. The Petal Mail App you have installed can be used normally. We apologize for the inconvenience. You can continue to view, send or receive emails in the pre-installed Email App on your Huawei phone or use a computer browser to open the Petal Mail official website ( https://www.petalmail.com ), and your emails and personal data will not be lost.
Huawei released the Mate 70 series of mobile phones, with a starting price of 5,499 yuan. At present, the prices of spare parts for the new Mate 70 series have been announced on Huawei’s official website.
Huawei Mate 70 lineup repair spare parts prices announced
Battery and motherboard
Mate 70
Battery — 199
12GB+256GB — 2499
12GB+512GB — 2899
12GB+1TB — 3599
Mate 70 Pro
Battery — 199
12GB+256GB — 2899
12GB+512GB — 3299
12GB+1TB — 3999
Mate 70 Pro+
Battery — 299
16GB+512GB — 4399
16GB+1TB — 4899
Mate 70 RS
Battery — 299
16GB+512GB — 6499
16GB+1TB — 6999
Camera
Huawei officially announced the new FreeBuds Pro 4 headphones. This is the first TWS headset equipped with HarmonyOS NEXT and will be officially launched at the Huawei Mate Brand Festival on November 26.
As can be seen from the poster, the headset adopts an in-ear design with black and gold color matching, and the overall shape is similar to the previous generation. With the support of the new system, FreeBuds Pro 4 is expected to bring more functional upgrades.
For reference, Huawei FreeBuds Pro 3 was released in September last year with an initial price of 1,499 yuan . It is equipped with the Kirin A2 chip that uses Polar code, supports Star Flash connection core technology and Bluetooth technology, and the new L2HC 3.0 protocol.