A New Flaw for Xiaomi
MIUI is the flavor of Android (currently based on Android 6.0) developed by Xiaomi. While developed primarily for use on Xiaomi’s own devices, MIUI builds are freely available for numerous devices from other vendors.
Xiaomi is currently the third-largest smartphone manufacturer in the world, behind Samsung and Apple, in terms of devices shipped. More than 70 million devices were delivered in 2015, and many millions of these may be impacted by this vulnerability.
The vulnerability we discovered allows a man-in-the-middle (MitM) attacker to execute arbitrary code as the highly privileged Android system user. Xiaomi has remediated it as of MIUI Global Stable version 7.2, and IBM strongly recommends that users update their firmware as soon as possible to ensure they are not vulnerable.
We would also like to commend Xiaomi’s security team for excellent incident response. Within days of disclosure, the vulnerability was confirmed and classified, and we were provided with details of when a fix would be delivered.
Read more here: http://goo.gl/13xTqq