So, there’s some news about security vulnerabilities in various apps and system components on Xiaomi devices running Android. According to a report from mobile security folks at Oversecured shared with The Hacker News, these vulnerabilities could let bad actors get access to all sorts of sensitive stuff, like system activities, files, and even personal data like phone info and Xiaomi account details. Scary, right?
These issues affect quite a few apps and components, like Gallery, GetApps, Mi Video, and others. Among the problems, there’s a big one in the System Tracing app that could let someone inject shell commands, and some flaws in the Settings app that could lead to file theft and to leaks of info about Bluetooth devices, Wi-Fi networks, and emergency contacts.
Now, some of these components are legit parts of Android, but Xiaomi tweaked them to add extra features, which unfortunately led to these vulnerabilities.
One really concerning thing is a memory issue in the GetApps app that’s been hanging around for over a year now without getting fixed. And get this, the Mi Video app has a problem where it’s broadcasting sensitive Xiaomi account info through intents, which basically means any other app on the device could grab that data.
Oversecured reported all these issues to Xiaomi between April 25 and April 30, 2024. So, if you’re using a Xiaomi device, make sure you’ve installed the latest updates to stay safe from these potential threats.