These vulnerabilities present in the default applications of the Chinese brand’s Android overlays.
Security vulnerabilities in computer systems like smartphones allow cybercriminals to remotely trigger code execution. Concretely, a hacker can launch malware without knowing the security mechanisms of the Android system.
These vulnerabilities also provide access to system components and can allow a cyberattacker to control critical system functions or obtain sensitive data, recalls the specialized site 01net.
“An attacker can launch any potentially sensitive functionality in all applications installed on the user’s device”, details Oversecured. On May 2, American researchers discovered up to 20 security vulnerabilities in applications and system components of Xiaomi smartphones. “which pose a threat to all users” of the brand.
Malware, downloaded via the Play Store or an alternative store (APK Pure or Aptoide), could for example rely on these vulnerabilities to attack banking applications.
Updates
These vulnerabilities present in the default applications of the Chinese brand’s Android overlays, HyperOS and MIUI, and in the software components essential to the operation of the interface open the door to numerous potential cyberattacks.
Among the applications affected by these security flaws, we find the Gallery app, the Getapps store (the former Xiaomi Market), the Mi Video player, the settings app or even ShareMe, the tool that allows you to easily exchange files.
Among the system components deemed vulnerable, Oversecured lists MIUI Bluetooth, phone services, print manager, Xiaomi Cloud, and the security section dedicated to protecting the device and user data.
Alerted by Oversecured, Xiaomi does not indicate whether the flaws identified have been corrected, but the deployment of patches is expected.
The only solution to protect yourself as best as possible from these threats: make sure to regularly update the applications on your Android smartphone.
