Home Security Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

by


May 06, 2024NewsroomAndroid / Data Security

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android.

“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” mobile security firm Oversecured said in a report shared with The Hacker News.

Cybersecurity

The 20 shortcomings impact different apps and components like –

  • Gallery (com.miui.gallery)
  • GetApps (com.xiaomi.mipicks)
  • Mi Video (com.miui.videoplayer)
  • MIUI Bluetooth (com.xiaomi.bluetooth)
  • Phone Services (com.android.phone)
  • Print Spooler (com.android.printspooler)
  • Security (com.miui.securitycenter)
  • Security Core Component (com.miui.securitycore)
  • Settings (com.android.settings)
  • ShareMe (com.xiaomi.midrop)
  • System Tracing (com.android.traceur), and
  • Xiaomi Cloud (com.miui.cloudservice)

Some of the notable flaws include a shell command injection bug impacting the System Tracing app and flaws in the Settings app that could enable theft of arbitrary files as well as leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.

It’s worth noting that while Phone Services, Print Spooler, Settings, and System Tracing are legitimate components from the Android Open Source Project (AOSP), they have been modified by the Chinese handset maker to incorporate additional functionality, leading to these flaws.

Cybersecurity

Also discovered is a memory corruption flaw impacting the GetApps app, which, in turn, originates from an Android library called LiveEventBus that Oversecured said was reported to the project maintainers over a year ago and remains unpatched to date.

The Mi Video app has been found to use implicit intents to send Xiaomi account information, such as username and email address via broadcasts, which could be intercepted by any third-party app installed on the devices using its own broadcast receivers.

Oversecured said the issues were reported to Xiaomi within a span of five days from April 25 to April 30, 2024. Users are advised to apply the latest updates to mitigate against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex