A couple of weeks back URL spoofing was discovered on Xiaomi browsers including Mi Browser and Mint browser and now another vulnerability has been discovered by the same researcher. The researcher says that the issue is specific to India region and is present on MIUI devices including MIUI for POCO. As per Khan: Due to this vulnerability, one can actually get read access as well as write access to user's (current) Clipboard data, and apart from that the attacker can also partially access user's stored social media credentials by abusing Autofill feature. How to check if the vulnerability is present on your device? Follow the step by step guide, Swipe Lockscreen to right and tap on Wallpaper Carousel. Enable Wallpaper Carousel from Lockscreen itself. Swipe right after enabling Wallpaper Carousel, tap on Wallpaper Carousel again to view this screen, tap on Read More. A web page will be opened, click on any social buttons that appear on those web pages. From here on, you can expose the clipboard data and stored autofill data for that particular social network. [gallery size="large" ids="280023,280022,280019"] [gallery size="large" ids="280018,280017,280021"] Mi Security team (MiSRC) acknowledged the vulnerability! Mi Security team has acknowledged the issue and confirmed the bug for the bug bounty program. Mi Security team has identified it as low ...
Read Here»
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.