Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone

The PackageInstaller module on Huawei smartphone P7 has a vulnerability in validity check of third-party apps. Attackers can configure some specific information in the malware packages so that smartphones consider that the package is downloaded from whitelisted websites. As a result, the malware can bypass the validity check. (Vulnerability ID: HWPSIRT-2014-0892)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9135.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm&gt;