#xiaomi

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Categories: Android Categories: News Categories: Personal Tags: android Tags: upgrade Tags: transfer Tags: backup Tags: dispose Tags: wipe A few tips and how-tos for when you are ready to move to the next Android phone. Backup, transfer, wipe, and move on. (Read more...) The post Upgrading your Android device? Read this first appeared first on Malwarebytes Labs.

Categories: Android Categories: News Tags: Google Tags: Android Tags: Qualcomm Tags: webp Tags: ARM Mali Tags: cve-2023-4863 Tags: cve-2023-4211 Tags: cve-2023-33106 Tags: cve-2023-33107 Tags: cve-2023-22071 Tags: cve-2023-33063 Tags: 2023-10-006 Tags: patch level Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. (Read more...) The post Update your Android devices now! Google patches two actively exploited vulnerabilities appeared first on Malwarebytes Labs.

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.

Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.