Severity Rating: MEDIUM
Systems Affected
• Xiaomi MIUI V11.0.5.0.QFAEUXM
Overview
Multiple vulnerabilities have been reported in Xiaomi MIUI devices which
could allow a remote attacker to obtain sensitive information or install
apps on the targeted device.
Description
1. Information Disclosure Vulnerability (CVE-2020-9530)
This vulnerability exists in Xiaomi MIUI devices because the GetApps
component (com.xiaomi.mipicks) mishandles the opening of other components.
An attacker could exploit this vulnerability by persuading a victim to
visit a specially crafted website.
Successful exploitation of this vulnerability could allow a remote attacker
to obtain sensitive information from the targeted device.
2. Code Execution Vulnerability (CVE-2020-9531)
This vulnerability exists in Xiaomi MIUI devices due to improper
verification of the parameters of local web pages by GetApps. An adjacent
attacker could install apps and obtain sensitive information from the
targeted unlocked device.
Solution
Upgrade to Xiaomi MIUI 2001122 or later.
Vendor Information
Xiaomi
References
Xiaomi
F-Secure
CVE Name
CVE-2020-9530
CVE-2020-9531
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT covering security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.