Xiaomi: Beware! URL spoofing vulnerability in the built-in mobile browser app!

Caution! If you use a Xiaomi Mi or Redmi smartphone, you should immediately stop using the built-in Mi Browser, or the Mint Browser available in the Google Play Store for non-Xiaomi Android devices.

The two web browser apps created by Xiaomi are affected by a critical vulnerability that has not yet been patched.

The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a URL spoofing issue caused by a logical flaw in the browser, which allows a malicious site to control the URL that appears in the address bar.

Since the web browser's address bar is the most reliable and basic security indicator, the flaw can easily be used to mislead Xiaomi users into thinking they are visiting a trustworthy site when they are actually being served phishing or malicious content.

Phishing attacks today are more sophisticated and increasingly difficult to spot, and this URL spoofing vulnerability is quite worrying, since it allows someone to bypass key indicators such as the URL and SSL, the first things a user checks to see whether a site is fake.

The oddest part of the case is that it affects only the international variants of the two web browsers, while the domestic versions distributed with Xiaomi smartphones in China do not contain this vulnerability.

So the legitimate question arises whether Chinese manufacturers deliberately leave international users vulnerable through vulnerable OS, applications and firmware.

It is even more surprising that Xiaomi rewarded the security researcher with a bug bounty, but has not yet fixed the bug.

Whatever happens next, Android users are strongly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.

Besides, if you're using Microsoft Edge or Internet Explorer on your desktop, you should also avoid using them, as both browsers contain a critical vulnerability that has not yet been fixed by Microsoft.

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live link (URL) to the article.