Security feature bypass

2023-07-0613:15:00

PRIOn knowledge base

www.prio-n.com

signature verification

iaware system

vulnerability

malicious apps

startup spoofing

system performance

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CPENameOperatorVersion
emuieq12.0.0
emuieq12.0.1
harmonyoseq2.0.1
harmonyoseq2.0.0

Name	Operator	Version
emui	eq	12.0.0
emui	eq	12.0.1
harmonyos	eq	2.0.1
harmonyos	eq	2.0.0

References

consumer.huawei.com/en/support/bulletin/2023/7/

device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858