Published On: May 03, 2024 06:36
Advisory No: TZCERT/SA/2024/05/02-3
Source: Zero-Day Initiative
Software Affected: Xiaomi Pro 13
The Xiaomi Pro 13 is affected by three (3) critical vulnerabilities. Attackers can leverage the vulnerabilities to gain access to the affected smartphone.
The three vulnerabilities, rated at 8.8 and tracked as CVE-2024-4406, CVE-2024-4405, and CVE-2023-26322, affect the Xiaomi Pro 13 smartphone. The flaws exist in the integral-dialog-page.html file, in the manual-upgrade.html file, and within the isUrlMatchLevel method, and lead to the injection of an arbitrary script. Attackers can exploit the vulnerabilities to execute code in the context of the current user.
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected smartphone.
Xiaomi has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.