This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement About Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphone

  • Initial Release Date: May 22, 2015
  • Last Release Date: Dec 15, 2015

 
Di Shen from the Qihoo 360 Technology Co. Ltd reported two privilege escalation vulnerabilities in Huawei Mate7 smartphones to Huawei PSIRT in March, 2015 and will disclose the vulnerabilities at the Black Hat conference in August, 2015. Huawei has started the investigation and analysis and communicated with Di Shen immediately after receiving the report. Huawei has confirmed these vulnerabilities and provided fixed version in April, 2015.

Huawei has delivered Security Advisory. The link of the security advisory is:


http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-432799.htm

2015-12-15 V1.1 FINAL
2015-05-22 V1.0 INITIAL



Huawei believes in the principle of coordinated disclosure and makes every effort to protect the interests of customers using established vulnerability handling mechanisms. If you find any security vulnerability in a Huawei product, please report to Huawei PSIRT at psirt@huawei.com. Your coordination efforts will be appreciated.

We would like to express our appreciation for Di Shen's coordinated way in dealing vulnerabilities.

Please refer to the following links:

https://www.blackhat.com/us-15/briefings.html#attacking-your-trusted-core-exploiting-trustzone-on-android