Xiaomi MIUI vulnerability, update your devices

Μια ευπάθεια επιτρέπει απομακρυσμένη εκτέλεση κώδικα (remote code execution ή RCE) στην εφαρμογή MIUI της Xiaomi για το λειτουργικό Android, σε όλες τις εκδόσεις της εφαρμογής πριν την MIUI Stable 7.2.

The vulnerability exists in the MIUI Analytics component, which is used by various of Android for the given how their application is used on the user's device.xiaomi a

According to her Security Intelligence Group IBM, this feature has an auto-update mechanism that allows MITM attacks (Man-in-the-middle) and can be used to distribute malware.

Because MIUI analytics does not verify the receipt of a packet, an attacker has the ability to execute its code with the privileged user privileges on the Android system.

The problem is that MIUI analytics uses HTTP to search for an update server but also to download packets. An attacker who monitors the update requests can use basic tampering techniques, and respond to the server name.

This answer naturally contains links to a malicious APK.

The case of Xiaomi's software vulnerability is very dangerous because the company is the third largest smartphone manufacturer in the world, after and Apple.

The company has over 70 more than a million 2015 devices, so you understand that too many are at risk, especially those who do not have the latest version of the operating system.

Researchers have informed Xiaomi about the issue since last January, and the company quickly released a new MIUI update that fixes vulnerability.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).