Monday , May 20 2024
Xaomi

Xiaomi Android Devices Hit by Multiple Flaws

infosecbulletin 2 weeks ago Alert, Vulnerabilities

Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads.

The 20 shortcomings impact different apps and components like –

BCSI BLOG POST
SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh

By infosecbulletin / Monday , May 20 2024
SonicWALL SSL-VPN provides secure remote access to an organization's internal network and resources through an encrypted SSL connection. This kind...
Read More
BCSI BLOG POST SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh

Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries

By infosecbulletin / Monday , May 20 2024
The banking trojan "Grandoreiro" is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of...
Read More
Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries

Australian gov.t warns of ‘large-scale ransomware data breach’

By infosecbulletin / Saturday , May 18 2024
Australian police are investigating a big data breach in a healthcare company after a ransomware attack on Thursday. The website...
Read More
Australian gov.t warns of ‘large-scale ransomware data breach’

Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities

By infosecbulletin / Saturday , May 18 2024
he U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that two security flaws in D-Link routers have been added to...
Read More
Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities

New “Antidot” Banking Trojan disguised Fake Google Play Updates

By infosecbulletin / Saturday , May 18 2024
The "Antidot" Android Banking Trojan pretends to be a Google Play update app and targets Android users in different regions....
Read More
New “Antidot” Banking Trojan disguised Fake Google Play Updates

CISA Published Encrypted DNS Implementation Guidance

By infosecbulletin / Saturday , May 18 2024
CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet...
Read More
CISA Published Encrypted DNS Implementation Guidance

Cyble Research
Transparent Tribe & SideCopy: A Cyber Alliance Targeting India

By infosecbulletin / Friday , May 17 2024
Cyble Research and Intelligence Labs found that two cyber threat groups, Transparent Tribe (APT36) and SideCopy, are using advanced strategies...
Read More
Cyble Research Transparent Tribe & SideCopy: A Cyber Alliance Targeting India

Recordedfuture report
Hackers Exploit GitHub to Spread Malware targeting operating systems

By infosecbulletin / Friday , May 17 2024
Recorded Future's Insikt Group has discovered a major cyber threat campaign carried out by Russian-speaking hackers, possibly located in the...
Read More
Recordedfuture report Hackers Exploit GitHub to Spread Malware targeting operating systems

ALERT
CISA issued Seventeen Industrial Control Systems Advisories

By infosecbulletin / Friday , May 17 2024
ISA issued seventeen advisories about Industrial Control Systems (ICS) on May 16, 2024. These advisories give important information about security...
Read More
ALERT CISA issued Seventeen Industrial Control Systems Advisories

Intel released 41 Security Advisories Over 90 Vulnerabilities

By infosecbulletin / Thursday , May 16 2024
Intel released 41 security advisories this Patch Tuesday, which contain information about over 90 vulnerabilities in their products. The company...
Read More
Intel released 41 Security Advisories Over 90 Vulnerabilities

Print Spooler (com.android.printspooler)
Security (com.miui.securitycenter)
Security Core Component (com.miui.securitycore)
Settings (com.android.settings)
ShareMe (com.xiaomi.midrop)
System Tracing (com.android.traceur), and
Xiaomi Cloud (com.miui.cloudservice)
Gallery (com.miui.gallery)
GetApps (com.xiaomi.mipicks)
Mi Video (com.miui.videoplayer)
MIUI Bluetooth (com.xiaomi.bluetooth)
Phone Services (com.android.phone)

Notable flaws have been found, such as a shell command injection bug in the System Tracing app, and flaws in the Settings app that could enable theft of files and leak information about Bluetooth devices, Wi-Fi networks, and emergency contacts.

The Chinese handset maker modified legitimate components from the Android Open Source Project to add extra features, which caused the flaws.

A memory corruption flaw was found in the GetApps app. This flaw comes from an Android library called LiveEventBus. Oversecured reported this issue to the project maintainers over a year ago, but it has not been fixed yet.

The Mi Video app has been found to use implicit intents to send Xiaomi account information, such as username and email address via broadcasts, which could be intercepted by any third-party app installed on the devices using its own broadcast receivers.

Oversecured reported issues to Xiaomi from April 25 to April 30, 2024. Users should update their devices to protect against potential threats.

Source: Oversecured, Thehackernews

Check Also

intel

Intel released 41 Security Advisories Over 90 Vulnerabilities

Intel released 41 security advisories this Patch Tuesday, which contain information about over 90 vulnerabilities …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin