Xiaomi mobile phone discovered a vulnerability that allows remote installation of malicious programs
Xiaomi's Android custom system MIUI discovers a high-risk vulnerability that allows man-in-the-middle attackers to remotely execute arbitrary code on the target device with system privileges. Xiaomi has released a revised version. We recommend that you upgrade it immediately. The IBM researchers who discovered the vulnerability announced the details of the vulnerability: The vulnerability exists in the MIUI analysis package, and applications that use this analysis package are vulnerable to remote code execution by man-in-the-middle, researchers have discovered vulnerabilities in multiple applications, including built-in browsers. If an application has system-level permissions, attackers can execute code with system-level permissions. The main cause of the vulnerability is that the MIUI application is upgraded over HTTP.
This article permanently updates the link address: