Security Advisory - Multiple Vulnerabilities in Huawei Smart Phones

Huawei smart phones have two authentication bypass vulnerabilities. An attacker may tricks users into installing a malicious app, and the app could exploit these vulnerabilities to bypass the permission checks, controlling partial module functions (Vulnerability ID: HWPSIRT-2016-03013), and deleting partial data of users (Vulnerability ID: HWPSIRT-2016-05018).

Huawei smart phones have a buffer overflow vulnerability. An attacker may tricks users into installing a malicious app, and the app could exploit this vulnerability to crash the system. (Vulnerability ID: HWPSIRT-2016-05019)

Vulnerability HWPSIRT-2016-03013 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5230.

Vulnerability HWPSIRT-2016-05018 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5231.

Vulnerability HWPSIRT-2016-05019 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5232.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160520-01-smartphone-en&gt;