Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads.
The 20 shortcomings impact different apps and components like –
By infosecbulletin
/ Monday , May 20 2024
SonicWALL SSL-VPN provides secure remote access to an organization's internal network and resources through an encrypted SSL connection. This kind...
Read More
By infosecbulletin
/ Monday , May 20 2024
The banking trojan "Grandoreiro" is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of...
Read More
By infosecbulletin
/ Saturday , May 18 2024
Australian police are investigating a big data breach in a healthcare company after a ransomware attack on Thursday. The website...
Read More
By infosecbulletin
/ Saturday , May 18 2024
he U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that two security flaws in D-Link routers have been added to...
Read More
By infosecbulletin
/ Saturday , May 18 2024
The "Antidot" Android Banking Trojan pretends to be a Google Play update app and targets Android users in different regions....
Read More
By infosecbulletin
/ Saturday , May 18 2024
CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet...
Read More
By infosecbulletin
/ Friday , May 17 2024
Cyble Research and Intelligence Labs found that two cyber threat groups, Transparent Tribe (APT36) and SideCopy, are using advanced strategies...
Read More
By infosecbulletin
/ Friday , May 17 2024
Recorded Future's Insikt Group has discovered a major cyber threat campaign carried out by Russian-speaking hackers, possibly located in the...
Read More
By infosecbulletin
/ Friday , May 17 2024
ISA issued seventeen advisories about Industrial Control Systems (ICS) on May 16, 2024. These advisories give important information about security...
Read More
By infosecbulletin
/ Thursday , May 16 2024
Intel released 41 security advisories this Patch Tuesday, which contain information about over 90 vulnerabilities in their products. The company...
Read More
Print Spooler (com.android.printspooler)
Security (com.miui.securitycenter)
Security Core Component (com.miui.securitycore)
Settings (com.android.settings)
ShareMe (com.xiaomi.midrop)
System Tracing (com.android.traceur), and
Xiaomi Cloud (com.miui.cloudservice)
Gallery (com.miui.gallery)
GetApps (com.xiaomi.mipicks)
Mi Video (com.miui.videoplayer)
MIUI Bluetooth (com.xiaomi.bluetooth)
Phone Services (com.android.phone)
Notable flaws have been found, such as a shell command injection bug in the System Tracing app, and flaws in the Settings app that could enable theft of files and leak information about Bluetooth devices, Wi-Fi networks, and emergency contacts.
The Chinese handset maker modified legitimate components from the Android Open Source Project to add extra features, which caused the flaws.
A memory corruption flaw was found in the GetApps app. This flaw comes from an Android library called LiveEventBus. Oversecured reported this issue to the project maintainers over a year ago, but it has not been fixed yet.
The Mi Video app has been found to use implicit intents to send Xiaomi account information, such as username and email address via broadcasts, which could be intercepted by any third-party app installed on the devices using its own broadcast receivers.
Oversecured reported issues to Xiaomi from April 25 to April 30, 2024. Users should update their devices to protect against potential threats.
Source: Oversecured, Thehackernews