• Latest
  • All
  • How To
Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

May 15, 2024
Kenya startup funding growth

New Report: Startup Growth at Risk Due to Foreign Funding Dependence

June 5, 2025
Apple Airpods

Apple to Unveil Smarter AirPods at WWDC 2025 with New Gesture, Camera Features

June 5, 2025
instagram-edits

Instagram Adds Teleprompter to Edits App in Bid to Rival CapCut

June 4, 2025
Sora

Microsoft Brings Sora AI Video Generator to Bing App

June 4, 2025
DHgate Tablet Cases deals
google-ai-edge-gallery

Google Quietly Launches App to Run AI Models Locally on Android

June 4, 2025
adobe-photoshop-iphone

Adobe Launches Photoshop Beta App for Android

June 5, 2025
Material 3 Expressive

Gmail and Messages Get a Colorful Makeover

June 5, 2025
Rose Njeri, the creator of Civic Email

Rose Njeri Charged With Cybercrime for Letting Kenyans Email Their MPs

June 3, 2025
Infinix Hot 60 Pro+ Leaked Design

Infinix Hot 60 Pro+ Could Be the World’s Thinnest Curved Display Phone

June 3, 2025
Infinix Note 50 Pro Review

Infinix Note 50 Pro Review: A Budget Phone Shouldn’t Be This Good

google-chrome

Three Billion Chrome Browser Users at Risk from Zero Day Hack

June 3, 2025
Jumia technologies

Jumia Gets a Tech Boost as AXIAN Telecom Joins the Table

June 3, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Multiple Vulnerabilities in Xiaomi Devices Pose Threat to All Users

ElvyLewis Ndungu by ElvyLewis Ndungu
May 15, 2024
in News
Reading Time: 3 mins read
317
0

Security researchers have found 20 dangerous vulnerabilities affecting various apps and system components within Xiaomi mobile devices. Some of the security flaws reported could allow the theft of arbitrary files, and leak information about connected networks and emergency contacts.

“The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings, and Xiaomi account data, and other vulnerabilities.” Security researchers from OverSecured wrote in their report.

Related: Security Checklist for Your Android Smartphone

Some of the applications and system components were even found to contain more than one security flaw.

Components and applications affected

Researchers were able to scan and find vulnerabilities in components such as:

  • Security app (com.miui.securitycenter) – Vulnerability in this application could give an attacker system privileges. This would allow an attacker to get access to arbitrary activities of all applications installed on a user’s device.
  • Settings (com.android.settings) – This component had various vulnerabilities. One flaw could leak information about Bluetooth devices, connected Wi-Fi networks, Xiaomi account details, and filtered phone numbers. Another security flaw in this application could give an attacker system permission to read device files.
  • GetApps (com.xiaomi.mipicks) – Exploiting a security flaw in this component could lead to memory corruption. This vulnerability comes from the LiveEventBus library and was reported more than a year ago. However, no updates to the library are available as of yet.
  • MIUI Bluetooth (com.xiaomi.bluetooth) – A security flaw in this application could enable theft of arbitrary files and also leak bluetooth data.
  • Security core component (com.miui.securitycore) – A vulnerability within this component could allow an attacker to change device settings.
  • Phone services (com.android.phone) – A flaw could expose telephony data.
  • System Tracing (com.android.traceur) – This component was found to contain a shell command injection bug.

Other apps and components impacted include:

  • MI Video (com.miui.videoplayer)
  • Gallery (com.miui.gallery)
  • Print Spooler (com.android.printspooler)
  • Xiaomi Cloud (com.miui.cloudservices)
  • ShareMe (com.xiaomi.midrop)

The security flaws in Xiaomi mobile devices are a result of various modifications to legitimate Android Open Source Project (AOSP) components. These components include Settings, System Tracing, and Phone Services. Manufacturers usually modify these components to allow for additional functionality.

Most of these vulnerabilities have already been patched and it’s recommended you install the latest security updates available if you use a Xiaomi device.

Tags: Xiaomi
SendShare178Tweet111
ElvyLewis Ndungu

ElvyLewis Ndungu

Just a guy who loves to code and has a passion for storytelling | Bringing you the latest on all things tech. You can reach me via elvylewis@techweez.com or on Twitter.

Related Posts

Apple Event

Apple Becomes First Trillion Dollar Brand in New Global Ranking

May 20, 2025
Snapdragon 8 Elite 2

Qualcomm’s Most Powerful Mobile Chip Is Launching In September

April 29, 2025
redmi a5

Xiaomi Launches the Redmi A5 in Kenya With a 5200mAh Battery

April 22, 2025
HyperOS 3

Xiaomi’s OS Could Give You Full Control Over CPU and GPU Settings

April 14, 2025
Xiaomi_Smartphones

Xiaomi Extends Software Updates to 6 Years: Full List of Devices

April 7, 2025
Xiaomi-modular-phone-1

Xiaomi Unveils Modular Smartphone Concept with Detachable Camera Lens

March 4, 2025

Latest

Kenya startup funding growth

New Report: Startup Growth at Risk Due to Foreign Funding Dependence

June 5, 2025
Apple Airpods

Apple to Unveil Smarter AirPods at WWDC 2025 with New Gesture, Camera Features

June 5, 2025
instagram-edits

Instagram Adds Teleprompter to Edits App in Bid to Rival CapCut

June 4, 2025
Sora

Microsoft Brings Sora AI Video Generator to Bing App

June 4, 2025
google-ai-edge-gallery

Google Quietly Launches App to Run AI Models Locally on Android

June 4, 2025
adobe-photoshop-iphone

Adobe Launches Photoshop Beta App for Android

June 5, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

New Report: Startup Growth at Risk Due to Foreign Funding Dependence

June 5, 2025

Apple to Unveil Smarter AirPods at WWDC 2025 with New Gesture, Camera Features

June 5, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

Introducing A Brainbox Quiz: Techweez’s Monthly Trivia Night!

More News

Gmail and Messages Get a Colorful Makeover

Rose Njeri Charged With Cybercrime for Letting Kenyans Email Their MPs

Infinix Hot 60 Pro+ Could Be the World’s Thinnest Curved Display Phone

Infinix Note 50 Pro Review: A Budget Phone Shouldn’t Be This Good

Three Billion Chrome Browser Users at Risk from Zero Day Hack

Jumia Gets a Tech Boost as AXIAN Telecom Joins the Table

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.