If you use a Xiaomi cell phone, then it is important that you know that some applications are having problems. In the last few hours, several security vulnerabilities have been identified that make apps insecure.
In a report by Oversecured, it became clear to what extent problems can affect the user. The security company shared the information with The Hacker News and explained the situation.
Errors can lead to theft of confidential information
“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [e] disclosure of phone, settings and Xiaomi account data” – wrote the company.
That said, based on the same source of information, the apps that are at risk are the following:
-
Gallery (com.miui.gallery)
-
GetApps (com.xiaomi.mipicks)
-
Mi Video (com.miui.videoplayer)
-
MIUI Bluetooth (com.xiaomi.bluetooth)
-
Phone Services (com.android.phone)
-
Print Spooler (com.android.printspooler)
-
Security (com.miui.securitycenter)
-
Security Core Component (com.miui.securitycore)
-
Settings (com.android.settings)
-
ShareMe (com.xiaomi.midrop)
-
System Tracing (com.android.traceur), and
-
Xiaomi Cloud (com.miui.cloudservice)
Of all these flaws, the bug that harms System Tracing stands out, for example. Also in the application regarding settings, problems can lead to file theft, as well as information leaks on Bluetooth devices.
Regarding the applications mentioned, it is also important to highlight “Phone Services”, “Print Spooler”, “Settings” and “System Tracing”. These are part of the Android Open Source Project (AOSP) and were changed by Xiaomi to have more features. It is estimated that the origin of the problem lies there.
Oversecured also highlights another issue that has remained unresolved for over a year. Apparently there is a memory error affecting GetApps. This comes from an Android library called LiveEventBus.
Finally, but also of great importance, the problems with the Mi Video app stand out. Apparently, hackers can access confidential Xiaomi account information. According to The Hacker News, the intersection is easy to obtain.