Huawei has recently launched its new Mate series in China. The latest Mate 60 Series includes two smartphones – Mate 60 and Mate 60 Pro. These two smartphones are the first to get a satellite connectivity message reply feature.
Apart from the above feature, the smartphones also received the upgrade to HarmonyOS 4. Now, the Chinese tech giant has officially published its bulletin for the September 2023 security patch, which includes both Google and Huawei CVEs. Below, let's explore more about the patch.
Huawei detailed September 2023 security patch info
Critical: CVE-2023-21282, CVE-2023-21273.
High: CVE-2023-21287, CVE-2023-21267, CVE-2023-21281, CVE-2023-21285, CVE-2023-21286, CVE-2023-21288, CVE-2023-21292, CVE-2023-21283, CVE-2023-21272, CVE-2023-21275, CVE-2023-21268, CVE-2023-21290, CVE-2023-21265.
Medium: CVE-2023-21649.
Low: None.
As regards the vulnerabilities resolved by the EMUI patches, first of all we point out a high-severity one (CVE-2022-48605) which affects authentication via fingerprint recognition and impacts EMUI 13.0.0 and EMUI 11.0.1. Going further, Huawei also fixed two very common high-severity DoS vulnerabilities in the PMS module (EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1) which, if exploited, could cause system reboots.
Still in the new EMUI 13.0.0, a high-severity vulnerability (CVE-2023-41293) was found and fixed in the DDMP module; it relates to data security classification and, if exploited, could have endangered the privacy of users. The update also fixes numerous less serious vulnerabilities (classified as medium-severity) that are nonetheless significant: among others, we point out a couple relating to the control of the audio module which, if exploited, could have led to the automatic activation of one or more applications on devices with EMUI 13.0.0 and EMUI 12.0.1.
Yet another, CVE-2023-41310, was even more widespread (EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1) and sounds pretty worrying: if exploited, it could have allowed malicious apps to remain running in the background. Returning to the topic of privacy, the CVE-2023-41305 vulnerability affects the SMS module and more precisely concerns messages sent in 5G without encryption in a VPN environment. Finally, the vulnerability CVE-2023-4565, if exploited, could have prevented the activation of the hotspot function on devices running EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1.