Noticeboard
back

Thank you Letter | Thanks to FSecureLabs for supporting Xiaomi Security

Post by Pa0er at 2020-03-06 14:54:13

At the end of 2019, FSecureLabs (https://labs.f-secure.com/) submitted 2 vulnerabilities to the Xiaomi Security Center and provided a complete and detailed report. It is very helpful for improving the security of Xiaomi products and protecting the information security of Xiaomi users.

 

Vulnerability number: CVE-2020-9530

Affects Xiaomi ROM: MIUI V11.0.5.0.QFAEUXM (Special for European region)

Affects applications: GetApps (com.xiaomi.mipicks), Messaging (com.android.mms)

Fixed on version: 2001122; 11.0.1.54;

Exploit pre-conditions: Attackers need to induce users to open specific web pages in a specific network environment

Vulnerability description: There is a vulnerability in GetApps (com.xiaomi.mipicks) that can open other components, jump to Messaging (com.android.mms) and load malicious web pages, resulting in information leakage.

 

Vulnerability number: CVE-2020-9531

Affects Xiaomi ROM: MIUI V11.0.5.0.QFAEUXM (Special for European region)

Affects application: GetApps (com.xiaomi.mipicks)

Fixed on version: 2001122;

Exploit pre-conditions: Attackers need to induce users to make their unlocked phone near to a malicious NFC tag.

Vulnerability description: GetApps (com.xiaomi.mipicks) did not properly verify the parameters passed in to the local web pages, which could lead to installing specific applications in Xiaomi App Store and some information leakage.

 

Here, Xiaomi Security Center expresses its sincere thanks to FSecureLabs! At the same time, more outstanding and professional security experts and security teams are welcome to join the Xiaomi Security Center (MiSRC) to jointly guarantee the safe online life of hundreds of millions of Xiaomi users worldwide.

—   联系我们   —

新浪微博

公众号