The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
Weakness
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emui | Huawei | 11.0.1 (including) | 11.0.1 (including) |
| Emui | Huawei | 12.0.0 (including) | 12.0.0 (including) |
| Emui | Huawei | 12.0.1 (including) | 12.0.1 (including) |
| Harmonyos | Huawei | 2.0 (including) | 2.0 (including) |
| Harmonyos | Huawei | 2.1 (including) | 2.1 (including) |
| Harmonyos | Huawei | 3.0.0 (including) | 3.0.0 (including) |
References
- https://consumer.huawei.com/en/support/bulletin/2023/2/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474
- https://consumer.huawei.com/en/support/bulletin/2023/2/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474