Huawei to fix newfound security vulnerabilities in the P9, P9 Plus, Mate 8 and Mate 9
Huawei's security bulletin published three new vulnerabilities discovered in some of the company's high-profile smartphones. One of these is already solved, while the rest are to be closed in upcoming software updates. There's no time frame given for their release.
Vulnerability CVE-2017-2711 is present in the Huawei P9 Plus. It lets attackers "crash" the smartphone by tricking users into downloading a malicious application. This hole is closed in firmware version VIE-AL10C00B352 and later.
The second vulnerability (CVE-2017-2703) is found in the Huawei P9 and Huawei Mate 9. It lets attackers with physical access to the phones get in the System Settings menu by bypassing the Phone Finder app. Huawei fixed this in the MHA-DL00BC00B156 update for the Mate 9 and the EVA-AL10C00B373 update for the P9.
The third vulnerability (CVE-2017-2698) is affecting rooted Huawei P9 and Huawei Mate 8 devices. It lets attackers crash them by running malicious code. It has been patched in the NXT-AL10C00B386 update for the Mate 8 and the EVA-AL10C00B373 update for the P9.