Earlier this month, Huawei released a patch to resolve an arbitrary memory read/write vulnerability on the Huawei Mate 9 and Mate 9 Pro. Now, the Chinese firm has come across a vulnerability on the Huawei P9 Plus that makes it possible for hackers to access its vibrator service and cause the system to crash.
Huawei has also fixed the issue on the P9 Plus by releasing the B386 software update. Before the update was released, however, the vibrator service of the smartphone had a Denial of Service (DoS) vulnerability (assigned CVE ID: CVE-2017-2731) because it did not sufficiently check parameters. It could allow hackers to use a malicious app installed on the P9 Plus to send a parameter to the phone's vibrator service and cause the phone to freeze.
Had the patch not been released quickly, hackers could have used the vulnerability to create ransomware that made the smartphone unusable unless their demands were met. Even though the issue has been resolved, there is no confirmation of how many P9 Plus smartphones were actually hacked through the vibrator service vulnerability.
Huawei P9 Plus owners should be aware that hackers could successfully exploit the vibrator service vulnerability only after users were tricked into installing a malicious app. A simple way to avoid such an attack is to be careful and install only apps that are credible.
The vulnerability on the Huawei Mate 9 and Mate 9 Pro could allow a hacker with root access on either device to read and write memory data anywhere. The hacker could also execute arbitrary code in the TrustZone. Only Mate 9 and Mate 9 Pro devices that are currently running B156 or an older version are vulnerable to the attack. The latest firmware for these phones is enough to resolve this exploit.