Multiple security vulnerabilities have been disclosed in various applications and system components on Xiaomi devices running Android.
“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” mobile security firm Oversecured said in a report shared with The Hacker News.
The 20 shortcomings impact different apps and components, including:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
Some of the notable flaws include a shell command injection bug impacting the System Tracing app and flaws in the Settings app that could enable theft of arbitrary information as well as leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.
It is worth noting that while Phone Services, Print Spooler, Settings, and System Tracing are legitimate components from the Android Open Source Project (AOSP), they have been modified by the Chinese handset maker to incorporate additional functionality, leading to these flaws.
Also discovered is a memory corruption flaw impacting the GetApps app, which, in turn, originates from an Android library called LiveEventBus that Oversecured said was reported to the project maintainers over a year ago and remains unpatched to date.
The Mi Video app has been found to use implicit intents to send Xiaomi account information, such as username and email address, via broadcasts, which could be intercepted by any third-party app installed on the devices using its own broadcast receivers.
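The broadcast pattern described above, shown beside a restricted form, as an added example that is not code from Xiaomi, Oversecured or the original article. The class, action, extra and permission names are hypothetical, and the permission is assumed to be declared in the app manifest with `android:protectionLevel="signature"`.

```java
import android.content.Context;
import android.content.Intent;

/** Added illustration only; every name below is hypothetical. */
public final class AccountBroadcasts {
    static final String ACTION_ACCOUNT_CHANGED = "com.example.player.ACCOUNT_CHANGED";
    static final String EXTRA_USERNAME = "username";
    static final String EXTRA_EMAIL = "email";
    // Assumed to be declared by the app as a signature-level permission.
    static final String PERM_ACCOUNT_EVENTS =
            "com.example.player.permission.ACCOUNT_EVENTS";

    private AccountBroadcasts() {}

    /** Leaky pattern: implicit intent with no target and no receiver permission. */
    static void sendLeaky(Context ctx, String username, String email) {
        Intent intent = new Intent(ACTION_ACCOUNT_CHANGED);
        intent.putExtra(EXTRA_USERNAME, username);
        intent.putExtra(EXTRA_EMAIL, email);
        // Any app with a receiver registered for this action gets the extras.
        ctx.sendBroadcast(intent);
    }

    /** Restricted pattern: explicit target package plus a receiver permission. */
    static void sendRestricted(Context ctx, String username, String email) {
        Intent intent = new Intent(ACTION_ACCOUNT_CHANGED);
        // Limit delivery to receivers inside the sending app's own package.
        intent.setPackage(ctx.getPackageName());
        intent.putExtra(EXTRA_USERNAME, username);
        intent.putExtra(EXTRA_EMAIL, email);
        // Receivers must also hold the signature-level permission.
        ctx.sendBroadcast(intent, PERM_ACCOUNT_EVENTS);
    }
}
```

When the receiver lives in a different app from the same vendor, the `setPackage` argument would name that app's package instead, and the signature-level permission keeps apps signed with other keys from receiving the data.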
Oversecured said the issues were reported to Xiaomi within a span of five days from April 25 to April 30, 2024. Users are recommended to apply the latest updates to mitigate against potential threats.
Some parts of this article are sourced from:
thehackernews.com