Information

The built-in Xiaomi Browser app (package com.android.browser) downloads its self-update APK file to publicly accessible storage and installs the APK file after verifying its hash.
An attacker can overwrite the file right after verification, leading to installation of an arbitrary app.
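
The verify-then-install window described above, modelled in plain Python as an added example (not code from Xiaomi Browser or the referenced research). The `install` stand-in, the `between` hook that simulates a concurrent write to shared storage, and the payload bytes are constructed assumptions; the hardened variant copies the file into a private directory before verifying and installing it.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def install(path):
    # Stand-in for the package installer: returns the bytes it would install.
    with open(path, "rb") as f:
        return f.read()

def update_unsafe(shared_apk, expected, between=lambda: None):
    # Flow described above: verify in shared storage, then install the same path.
    if sha256_file(shared_apk) != expected:
        raise ValueError("hash mismatch")
    between()  # window in which any app with storage access can rewrite the file
    return install(shared_apk)

def update_safe(shared_apk, expected, private_dir, between=lambda: None):
    # Copy into app-private storage first; verify and install only that copy.
    private_apk = os.path.join(private_dir, "update.apk")
    shutil.copyfile(shared_apk, private_apk)
    os.chmod(private_apk, 0o600)
    if sha256_file(private_apk) != expected:
        os.remove(private_apk)
        raise ValueError("hash mismatch")
    between()  # writes to the shared path no longer affect what is installed
    return install(private_apk)

def demo():
    good, other = b"constructed update payload", b"constructed replacement"
    expected = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as shared, \
         tempfile.TemporaryDirectory() as private:
        apk = os.path.join(shared, "update.apk")
        def write(data):
            with open(apk, "wb") as f:
                f.write(data)
        write(good)
        unsafe = update_unsafe(apk, expected, lambda: write(other))
        write(good)
        safe = update_safe(apk, expected, private, lambda: write(other))
        return unsafe == good, safe == good

if __name__ == "__main__":
    print(demo())  # (False, True)
```

The first value is `False` because the unsafe flow installed bytes that were never hashed; the second is `True` because the private copy is the only file that was both verified and installed.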



References:
https://research.checkpoint.com/androids-man-in-the-disk/