Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!


By MYBRANDBOOK


Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!

Are you using a Xiaomi's Mi or Redmi smartphone ??

Be alert !!! 

Immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. Because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told on a report.

 

The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar. According to the advisory, affected browsers are not properly handling the "q" query parameter in the URLs, thus fail to display the portion of an https URL before the ?q= substring in the address bar. Since the address bar of a web browser is the most reliable and essential security indicator, the flaw can be used to easily trick Xiaomi users into thinking they are visiting a trusted website when actually being served with a phishing or malicious content, as shown in the video demonstration below.

 

The phishing attacks today are more sophisticated and increasingly more difficult to spot, and this URL spoofing vulnerability takes it to another level, allowing one to bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a site is fake.

 

< p align="justify">Here’s how attackers can spoof URLs on Mint or MI Browser:

 

Just add "?q=" parameter after any URL following the targeted domain,

 

Example → https://t.co/WyxUCwg8OO

 

Xiaomi browsers will display "https://t.co/oMypZM6lQW" in the URL while loading the content from phishing site. pic.twitter.com/Ex6u4cxNRY

 

The researcher also confirmed on a report that the issue only affects the international variants of both the web browsers, though the domestic versions, distributed with Xiaomi smartphones in China, do not contain this vulnerability.

 

 

Another interesting though weird thing is that upon reporting the issue, Xiaomi rewarded the researcher with a bug bounty, but left the vulnerability unpatched.

 

"The vulnerability impacts millions of users globally yet the bounty offered as such was, $99 (for Mi Browser) and another $99 (for Mint Browser)," the researcher said.

 

"I would like to inform you that as of there is no official update regarding the issue. However, would request you to stay connected with the forum page for further details in this regards," the company said.

 

This is the second recently-disclosed severe issue that researchers have identified in pre-installed apps on more than 150 million Android devices manufactured by Xiaomi.

 

 

Android users are highly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.

 

Besides this, if you are using Microsoft Edge or Internet Explorer browser on your desktop, you should also avoid using them since both browsers also contain a critical vulnerability which has not yet been patched by the tech giant.
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

Growing cyberattacks is a raising concern ,it’s time to evaluate cloud-first strategy
Data security and Digital strike is the top priority of the Government
Changing Dynamics Of Cybersecurity In The Age of Coronavirus
Artificial Intelligence and Cyber-security are key pillars of Digitization
Capitalising on agility to win the digital banking competition
 INTERVIEWS  Placeholder image
Alpha Max offers high end solutions in the network space to en

Alpha Max offers high end solutions in the network space to en

AMD Pensando driving innovation in the DPU architecture space

AMD Pensando driving innovation in the DPU architecture space

AMD Pensando stands out in the DPU (Data Processing Unit) market with its u
Autodesk continually pushing the boundaries in the Design and

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte
 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
TALLY SOLUTIONS PVT. LTD.

TALLY SOLUTIONS PVT. LTD.


TP-LINK INDIA PVT. LTD.

TP-LINK INDIA PVT. LTD.


EXIDE INDUSTRIES LTD.

EXIDE INDUSTRIES LTD.


VERSA NETWORKS INDIA PVT. LTD.

VERSA NETWORKS INDIA PVT. LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

 ICONS OF INDIA  Placeholder image

Icons Of India : Dilip Asbe

At present, Dilip Asbe is heading National Payments Corporation of Ind...

ICONS OF INDIA : RISHAD PREMJI

Rishad Premji is Executive Chairman of Wipro Limited, a $11.3 billion ...

ICONS OF INDIA : RAJESH NAMBIAR

Rajesh leads the company’s India associates and enhances relationshi...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Empowering clients with innovative solutions to thrive in evolving digital landscape

Hitachi Systems India employs a multifaceted approach to assess brand awarenes...

Constantly Modifying Services And Strategies To Remain Pertinent And Competitive

The company conducts regular audits and reviews of its brand communication eff...

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

 PSU  Placeholder image

NPCI - National Payments Corporation of India  

NPCI is an umbrella organization for operating retail payments and set...

NSE - National Stock Exchange  

NSE is the leading stock exchange in India....

TCIL - Telecommunications Consultants India Limited  

TCIL is a government-owned engineering and consultancy company...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024 : ACCENTURE PLC

Accenture is renowned for its commitment to technological innovation. It inves...

Most Trusted Brands 2024 : Adobe Inc. 

Adobe Creative Cloud is a comprehensive suite of desktop and mobile apps for d...

RELIANCE JIO INFOCOMM LTD.

Reliance Jio commonly known as Jio, has been a significant disruptor in the te...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday

Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...

Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated

Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...

Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex

Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

Airtel 5G Plus goes live in Shimla

Airtel 5G Plus goes live in Shimla

VMware partners with IIT Bombay to create a cohesive platform to influence and advance Systems Research practice in India

VMware partners with IIT Bombay to create a cohesive platform to influence and advance Systems Research practice in India

Delhi & NCR Vi customers to enjoy stronger indoor 4G connectivity

Delhi & NCR Vi customers to enjoy stronger indoor 4G connectivity

7 in 10 working women in India quit or consider quitting their jobs: LinkedIn

7 in 10 working women in India quit or consider quitting their jobs: LinkedIn

 UNICORNS REVOLUTIONISING Placeholder image

Fashnear Technologies Private Limited

Fashnear Technologies Private Limited

CredAvenue Private Limited

CredAvenue Private Limited

MakeMyTrip Limited

MakeMyTrip Limited

C.E. Info Systems Ltd.

C.E. Info Systems Ltd.


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW