CVE-2017-17279

Name of the Vulnerable Software and Affected Versions: Huawei Mate 9 Pro smart phones with software versions prior to LON-AL00B 8.0.0.343(C00)

Description: The soundtrigger module has an authentication bypass issue due to improper design. An attacker can trick a user into installing a malicious application, which can exploit this issue to bypass authentication. Once exploited, the attacker can control the phone to send short messages and make calls within audio range to the phone.

Recommendations: For versions prior to LON-AL00B 8.0.0.343(C00), update to version LON-AL00B 8.0.0.343(C00) or later to resolve the issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.