Huawei Pushes Updates to Fix Memory Bugs in Phones

Huawei this week has pushed updates to protect three of its high-end smartphones against memory vulnerabilities that could lead to arbitrary code execution. In the best-case scenario, an attempt to exploit them would render the device inoperable by crashing its operating system.

The manufacturer addressed a double-free flaw in the touch panel driver of P10 Plus. To exploit this weakness, an attacker would need to plant a malicious app on the phone and to have root privileges on the system. The attack would work by having the app start multiple threads and free a specific memory address; a potential outcome could be execution of unauthorized code with elevated permissions. This vulnerability has been assigned a tracking number (CVE-2017-8141) and has been mitigated in the latest version of P10 Plus’s operating system (Vicky-AL00AC00B153).

The second issue mitigated by the Chinese manufacturer was a use-after-free (UAF) bug that affected the Trusted Execution Environment (TEE) module driver in the Mate 9 and Mate 9 Pro. TEE offers hardware separation so that sensitive data is stored, processed and executed securely. Exploiting this UAF would require a malicious app to manipulate the memory referencing process and potentially execute code. This flaw is identified as CVE-2017-8142 and has been eliminated in the newest versions of the operating system for Mate 9 (MHA-AL00BC00B221) and Mate 9 Pro (LON-AL00BC00B221).

It is uncertain whether the issues Huawei fixed this week would lead to arbitrary code execution, but a significant number of users have the primary prerequisites for a successful attack. A hacker does not always need to root the device if a victim has done it already. The same goes for the restriction on installing apps from trusted sources. With these hurdles removed, an attacker only needs to find a way to deliver the malicious app without raising suspicion.

The advantages of a rooted Android are too attractive for some users, who disregard the loss of security that comes with it. One of the greatest risks for an unlocked phone is malware, which can more easily penetrate the protections of the system. On a rooted device, mobile threats can install fraudulent apps, spy on users, extract private information (images, videos, documents), display pop-ups, engage in click fraud, access files from other apps and steal sensitive data like passwords or authentication codes. Simply put, malware has the same level of access to the phone as any administrative app.

The patches from Huawei are delivered automatically to the affected phones, and users should install them without delay.

Image credit: Huawei