Xiaomi Android Devices Contain a Variety of Defects in System Components and Apps
Xiaomi Android Devices Contain a Variety of Defects in System Components and Apps
Read more about Xiaomi Android Devices that contain a variety of defects in system components and apps.
A multitude of security vulnerabilities have been discovered across diverse applications and system components operating on Xiaomi Android devices.
“The Xiaomi vulnerabilities enabled unauthorized usage of receivers and services, theft of arbitrary files with system privileges, and publication of phone, settings, and Xiaomi account data,” a report from the mobile security firm Oversecured was obtained by News4Hackers.
The twenty deficiencies affect various applications and components, including:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
Notable vulnerabilities encompass a shell command injection issue that affects the System Tracing application, as well as vulnerabilities in the Settings app that may permit arbitrary file theft and disclosure of information regarding Bluetooth devices, connected Wi-Fi networks, and emergency contacts.
It is noteworthy to mention that although Phone Services, Print Spooler, Settings, and System Tracing are authentic elements derived from the Android Open Source Project (AOSP), the Chinese handset manufacturer has altered them to include supplementary functionalities, thereby introducing these vulnerabilities.
Additionally, a memory corruption vulnerability affecting the GetApps application was identified. This vulnerability originates from the LiveEventBus Android library, which, according to Oversecured, was submitted to the project maintainers more than a year ago but has not yet been patched.
It has been discovered that the Xiaomi Video app employs implicit intents to transmit account information, including username and email address, through broadcasts. Such data could be intercepted by a third-party application that is installed on the device and utilizes its own broadcast receivers.
According to Oversecured, Xiaomi was notified of the issues over the course of five days, from April 25 to April 30, 2024. It is recommended that users install the most recent updates in order to protect themselves from potential attacks.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE
Do Not Open .exe File, Indian Cyber Crime Control Handle Cyber Dost Issued Advisory
Intel and Arm Macs are being targeted by New ‘Cuckoo’ Persistent macOS Spyware
What is Digital Arrest & How Do People Lose Money Due to Fake Police? Beware!
About Author
English