CVE-2021-22420
📋 TL;DR
This vulnerability in HarmonyOS allows local attackers to bypass the application trustlist mechanism by externally controlling system settings. Attackers can manipulate trust settings to run untrusted applications with elevated privileges. This affects devices running vulnerable versions of HarmonyOS.
💻 Affected Systems
- HarmonyOS
📦 What is this software?
HarmonyOS by Huawei
⚠️ Risk & Real-World Impact
Worst Case
Local attackers could install and execute malicious applications with system-level privileges, potentially leading to complete device compromise, data theft, or persistent backdoors.
Likely Case
Local attackers bypass application security controls to run unauthorized applications, potentially leading to privilege escalation and unauthorized access to sensitive data.
If Mitigated
With proper access controls and monitoring, impact is limited to attempted privilege escalation that can be detected and blocked.
🎯 Exploit Status
Requires local access and knowledge of the trustlist mechanism; no public exploit code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Security updates released June 2021
Vendor Advisory: https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077
Restart Required: Yes
Instructions:
1. Check for available system updates in device settings.
2. Apply the June 2021 security update.
3. Restart the device after installation.
🔧 Temporary Workarounds
Restrict local access
Limit physical and network access to devices to trusted users only
Application whitelisting enforcement
Implement strict application control policies to prevent unauthorized app execution
🧯 If You Can't Patch
- Implement strict physical security controls for devices
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious application execution
🔍 How to Verify
Check if Vulnerable:
Check HarmonyOS version in device settings; versions prior to June 2021 security updates are vulnerable.
Check Version:
Settings > System > About phone > HarmonyOS version
Verify Fix Applied:
Verify HarmonyOS version shows security update from June 2021 or later applied.
📡 Detection & Monitoring
Log Indicators:
- Unexpected changes to application trust settings
- Unauthorized application installation attempts
- Process execution from untrusted sources
Network Indicators:
- Unusual outbound connections from system processes
- Attempts to download applications from untrusted sources
SIEM Query:
(EventType="Application Installation" AND Source="Untrusted") OR (EventType="Trust Setting Change" AND User!="Authorized")
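The SIEM query above combines two clauses, and the AND/OR precedence is easy to get wrong when it is pasted into a product with different parsing rules. The following is an added example, not part of the original advisory, that implements the same two clauses as an explicit predicate and runs it over constructed sample events. The field names EventType, Source and User come from the query; the event schema and the sample records are assumptions, not real HarmonyOS log output.

```python
"""Added example: evaluate the advisory's SIEM query over constructed events.

Field names (EventType, Source, User) are taken from the query on the page.
The record schema and the sample events below are constructed for illustration
and are not real HarmonyOS log output.
"""
from typing import Dict, List

# Constructed sample events (assumed schema, not real HarmonyOS logs).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventType": "Application Installation", "Source": "Trusted", "User": "Authorized"},
    {"EventType": "Application Installation", "Source": "Untrusted", "User": "Authorized"},
    {"EventType": "Trust Setting Change", "Source": "Settings", "User": "Authorized"},
    {"EventType": "Trust Setting Change", "Source": "Settings", "User": "unknown_local"},
    {"EventType": "Process Start", "Source": "Untrusted", "User": "unknown_local"},
]


def matches_query(event: Dict[str, str]) -> bool:
    """Return True if the event satisfies either alert clause.

    Parenthesised explicitly so the intended precedence is unambiguous:
      (EventType="Application Installation" AND Source="Untrusted")
      OR (EventType="Trust Setting Change" AND User!="Authorized")

    A trust-setting change with no User field at all is treated as not
    authorized (fail closed), because User!="Authorized" is true when the
    field is missing.
    """
    untrusted_install = (
        event.get("EventType") == "Application Installation"
        and event.get("Source") == "Untrusted"
    )
    unauthorized_trust_change = (
        event.get("EventType") == "Trust Setting Change"
        and event.get("User") != "Authorized"
    )
    return untrusted_install or unauthorized_trust_change


def find_alerts(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter a list of events down to those that should raise an alert."""
    return [e for e in events if matches_query(e)]


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Of the five constructed events, only the untrusted installation and the trust-setting change by a non-authorized user match; a process start from an untrusted source does not, because the query as written does not cover the "Process execution from untrusted sources" indicator listed above and would need a third clause to do so.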