Mobile app security firm Oversecured discovered a total of 20 vulnerabilities affecting devices from Xiaomi. According to the team, the flaws could cause different issues for Xiaomi users, ranging from theft of arbitrary files to account information interception.
“Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users,” the firm shared in the report. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings and Xiaomi account data, and other vulnerabilities.”
According to Oversecured, these are the different sections of Xiaomi’s device systems affected by the flaws:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
On a positive note, Oversecured shared that it already reported the issues to the Chinese smartphone giant from April 25 to April 30, 2023. With this, all Xiaomi users are advised to keep their systems updated to prevent any other issues involving the said flaws.
We reached out to Xiaomi to confirm the report, and we will update this story soon.
