Xiaomi Android Gadgets Hit by A number of Flaws Throughout Apps and System Parts

Could 06, 2024NewsroomAndroid / Information Safety

A number of safety vulnerabilities have been disclosed in numerous functions and system parts inside Xiaomi units operating Android.

“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” cell safety agency Oversecured stated in a report shared with The Hacker Information.

Cybersecurity

The 20 shortcomings affect completely different apps and parts like –

  • Gallery (com.miui.gallery)
  • GetApps (com.xiaomi.mipicks)
  • Mi Video (com.miui.videoplayer)
  • MIUI Bluetooth (com.xiaomi.bluetooth)
  • Telephone Providers (com.android.telephone)
  • Print Spooler (com.android.printspooler)
  • Safety (com.miui.securitycenter)
  • Safety Core Element (com.miui.securitycore)
  • Settings (com.android.settings)
  • ShareMe (com.xiaomi.midrop)
  • System Tracing (com.android.traceur), and
  • Xiaomi Cloud (com.miui.cloudservice)

Among the notable flaws embody a shell command injection bug impacting the System Tracing app and flaws within the Settings app that would allow theft of arbitrary information in addition to leak details about Bluetooth units, related Wi-Fi networks, and emergency contacts.

It is price noting that whereas Telephone Providers, Print Spooler, Settings, and System Tracing are reputable parts from the Android Open Supply Undertaking (AOSP), they’ve been modified by the Chinese language handset maker to include further performance, main to those flaws.

Cybersecurity

Additionally found is a reminiscence corruption flaw impacting the GetApps app, which, in flip, originates from an Android library referred to as LiveEventBus that Oversecured stated was reported to the challenge maintainers over a yr in the past and stays unpatched so far.

The Mi Video app has been discovered to make use of implicit intents to ship Xiaomi account data, akin to username and e-mail deal with through broadcasts, which may very well be intercepted by any third-party app put in on the units utilizing its personal broadcast receivers.

Oversecured stated the problems have been reported to Xiaomi inside a span of 5 days from April 25 to April 30, 2024. Customers are suggested to use the most recent updates to mitigate towards potential threats.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

Dec 17, 2024Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...