Huawei’s Security Advisory Announces Fixes for Multiple Vulnerabilities
Similar to the Android security bulletins that Google, LG and Samsung have, Huawei is another company that keeps track of vulnerabilities that are reported to them. The company published three of these this week and they are possible on a combination of three smartphones that Huawei is currently selling. Fixes for these vulnerabilities will be included in an OTA update that Huawei (or carriers) send to the consumer, but they don’t give us an ETA as to when that update will go out.
The first vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2711, and it targets the Huawei P9 Plus with a firmware version before VIE-AL10C00B352. This vulnerability will allow the attacker to crash the system software of the phone. The only way for this to happen is to trick the P9 Plus owner into downloading a malicious application, which then allows the attacker to crash the phone. To fix this vulnerability, the owner will just have to accept the OTA update for the new VIE-AL10C00B352 firmware.
The second vulnerability Huawei announced this week has been given the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2703. This one is currently eligible on both the Huawei P9 as well as the Huawei Mate 9. Exploiting this vulnerability will allow the attacker to bypass the Phone Finder so they can enter the System Setting. All the person has to do is have physical access to the P9 or Mate 9 phone. Huawei has patched this vulnerability as well, so Mate 9 customers will want to look out for the MHA-DL00BC00B156 update, while P9 owners will need to look for the EVA-AL10C00B373 update.
Lastly, we have the vulnerability that has been issued the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2698. This is currently affecting the Huawei P9 and Huawei Mate 8, and it allows the attacker to crash the system or even escalate user privilege. The only way this vulnerability can be exploited is by tricking someone who has root access to their phone into installing a malicious application. The fix for this attack has been patched in the NXT-AL10C00B386 update for the Mate 8 and the EVA-AL10C00B373 update for the P9.Source 1: Huawei Source 2: Huawei Source 3: Huawei