Xiaomi's security app had a vulnerability
Table of contents:
Xiaomi uses the Guard Provider app as a security app on their phones. It seeks to protect users with a brand smartphone from possible attacks. Although in this case, it was precisely the security app that had a major flaw in this regard. Due to this error, security attacks were allowed on the phones.
Xiaomi's security app had a vulnerability that allowed attacks
Apparently, this app uses several SDKs within the same code, which makes the transfer of data between them slow. What has allowed the attacker to inject a code into the app.
Xiaomi security flaw
This way, if the attacker is on the same WiFi network as the user, they could carry out a Man in the Middle attack. Which would give you the ability to access data such as user passwords. It could also track user information in this regard. Furthermore, it seems that this Xiaomi security app is not the only one to use these integrated SDKs.
There are more apps that work this way, leading to operational problems. Therefore, this situation could be repeated in more cases, as some security researchers have commented. In the case of the Chinese brand it has already been resolved.
Xiaomi has confirmed that they have already solved this security problem in the app. So users are no longer vulnerable. The app has already been updated, so that it works correctly. It appears that no one has been affected by the ruling.
Grub 2 vulnerability allows security to be skipped
A serious security problem has been discovered in GRUB 2 with which anyone with physical access can freely access the system
Mobile security: the at & t security application for android
Mobile Security: AT & T's Android security application. Find out more about the security application launched by the operator.
Amd updates epyc firmware due to sev security vulnerability
AMD was warned about an issue with the EPYC processors' Secure Encrypted Virtualization (SEV) functionality.