CVE-2019-5299

Name of the Vulnerable Software and Affected Versions Huawei mobile phones Hima-AL00B versions earlier than HMA-AL00C00B175

Description The issue is related to a signature verification bypass. Attackers can trick users into installing malicious applications, which can then invoke a specific interface to execute malicious code due to a defect in the signature verification logic. This can lead to the execution of arbitrary code.

Recommendations For versions earlier than HMA-AL00C00B00B175, update to version HMA-AL00C00B175 or later to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.