Download Certificate- CMOs | ECIO | Most Admired Brand | Most Trusted Company

Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!


By MYBRANDBOOK


Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!

Are you using a Xiaomi's Mi or Redmi smartphone ??

Be alert !!! 

Immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. Because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told on a report.

 

The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar. According to the advisory, affected browsers are not properly handling the "q" query parameter in the URLs, thus fail to display the portion of an https URL before the ?q= substring in the address bar. Since the address bar of a web browser is the most reliable and essential security indicator, the flaw can be used to easily trick Xiaomi users into thinking they are visiting a trusted website when actually being served with a phishing or malicious content, as shown in the video demonstration below.

 

The phishing attacks today are more sophisticated and increasingly more difficult to spot, and this URL spoofing vulnerability takes it to another level, allowing one to bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a site is fake.

 

< p align="justify">Here’s how attackers can spoof URLs on Mint or MI Browser:

 

Just add "?q=" parameter after any URL following the targeted domain,

 

Example → https://t.co/WyxUCwg8OO

 

Xiaomi browsers will display "https://t.co/oMypZM6lQW" in the URL while loading the content from phishing site. pic.twitter.com/Ex6u4cxNRY

 

The researcher also confirmed on a report that the issue only affects the international variants of both the web browsers, though the domestic versions, distributed with Xiaomi smartphones in China, do not contain this vulnerability.

 

 

Another interesting though weird thing is that upon reporting the issue, Xiaomi rewarded the researcher with a bug bounty, but left the vulnerability unpatched.

 

"The vulnerability impacts millions of users globally yet the bounty offered as such was, $99 (for Mi Browser) and another $99 (for Mint Browser)," the researcher said.

 

"I would like to inform you that as of there is no official update regarding the issue. However, would request you to stay connected with the forum page for further details in this regards," the company said.

 

This is the second recently-disclosed severe issue that researchers have identified in pre-installed apps on more than 150 million Android devices manufactured by Xiaomi.

 

 

Android users are highly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.

 

Besides this, if you are using Microsoft Edge or Internet Explorer browser on your desktop, you should also avoid using them since both browsers also contain a critical vulnerability which has not yet been patched by the tech giant.
 BREAKING NEWS  BREAKING NEWS
Zscaler unveils Digital Experience Monitoring Copilot

Zscaler unveils Digital Experience Monitoring Copilot...

Zscaler has announced groundbreaking innovations - ZDX Copilot, Hosted Mon...

Ola Krutrim unveils its AI vision for India

Ola Krutrim unveils its AI vision for India...

Ola's artificial intelligence platform, Krutrim has revealed its plans to ...

Tamil Nadu Police Facial Recognition Portal faced breach

Tamil Nadu Police Facial Recognition Portal faced breach...

A security flaw was discovered in the facial recognition webpage of the Ta...

With iOS 18, Apple to fully invest in AI

With iOS 18, Apple to fully invest in AI...

Tim Cook, the CEO of Apple, has made reference to sophisticated AI features...

 TECHNO TRENDS  Placeholder image
BHIM to join e-commerce, competing with PhonePe and Google Pay

BHIM to join e-commerce, competing with PhonePe and Google Pay

The government-supported payment software BHIM is getting ready to join t...

The latest version of X helps prevent deepfakes on social medi

The latest version of X helps prevent deepfakes on social medi

To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...

India and Namibia collaborate on a payment system similar to U

India and Namibia collaborate on a payment system similar to U

Once operational, the platform will enable digital transactions in Namibia,...

Sebi issues show-cause notices to six Adani group firms

Sebi issues show-cause notices to six Adani group firms

Sebi issued show-cause notices to six Adani Group firms, including Adani ...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
S.S. Rajamouli and Disney+ Hotstar brings the untold story of

S.S. Rajamouli and Disney+ Hotstar brings the untold story of

Airtel Xstream Play strengthens regional content library, part

Airtel Xstream Play strengthens regional content library, part

Bharti Airtel (“Airtel”), one of India’s leading telecommunications

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

The Enforcement Directorate (ED) has seized businessman Raj Kundra's pro
 MOVERS & SHAKERS  Placeholder image
New Relic names Katrina Wong as CMO

New Relic names Katrina Wong as CMO

Clover Infotech appointed Subham Banerjee as CDO

Clover Infotech appointed Subham Banerjee as CDO

Clover Infotech has announced the appointment of Subham Banerjee as its Ch
Saviynt ropes in Sanjeevi Kumar as new Sales Director in India

Saviynt ropes in Sanjeevi Kumar as new Sales Director in India

The cloud-native identity and governance platform solutions provider Saviy
 OPEN YOUR EYES  Placeholder image

Data security and Digital strike is the top priority of the Government
How to secure confidential data while working remotely
Brands across the board are reinventing strategies to bring back customers
Technology has made organizations more dependent by using facial recognition
Digital economy is at risk with the growing cyber attacks
 INTERVIEWS  Placeholder image
Technology and a robust partner network help position Allied T

Technology and a robust partner network help position Allied T

HPE’s transformation into an edge-to-cloud company is its un

HPE’s transformation into an edge-to-cloud company is its un

Hewlett Packard Enterprise (HPE) is driving towards one customer experience
Check Point takes pride in providing customers with the best c

Check Point takes pride in providing customers with the best c

Check Point has categorized its 80 products and technologies into four main
 HOT PICK  Placeholder image
Lenovo launches IdeaPad Pro 5i in India with Intel Core Ultra

Lenovo launches IdeaPad Pro 5i in India with Intel Core Ultra

COLORFUL rolls out an array of gaming laptops

COLORFUL rolls out an array of gaming laptops

COLORFUL launched its incredible series of COLORFUL EVOL P15 gaming laptop
Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies has launched the broadest portfolio of commercial AI lap
 MAKE IN INDIA BRANDS   Placeholder image
SAFE SECURITY SERVICES PVT. LTD.

SAFE SECURITY SERVICES PVT. LTD.


SECLORE TECHNOLOGY PVT. LTD. 

SECLORE TECHNOLOGY PVT. LTD. 


DELL TECHNOLOGIES INDIA PVT. LTD.  

DELL TECHNOLOGIES INDIA PVT. LTD.  


RELIANCE JIO INFOCOMM LTD.

RELIANCE JIO INFOCOMM LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

To be competitive in the market, it’s vital to stay technologically relevant

In addition, we are conducting Regular Audits and ...

Technology is opening ways to expand business growth

To increase efficiency and productivity while cutt...

Promising to deliver significant value and enhance customer experience with proactive solutions

As a technology leader and that too of a Firm whic...

 ICONS OF INDIA  Placeholder image

Technology Icons Of India 2023: Som Satsangi

With more than three decades in the IT Sector, Som is responsible for ...

Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)

LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...

Technology Icons Of India 2023: Harsh Jain

Harsh Jain is an Indian Entrepreneur, the co-founder and CEO of the In...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Symmetrix Empowering Collaboration between OEMs, Customers, and SMEs for Seamless Project Execution and Growth

A robust support system exists that fosters seamless communication and collabo...

RAH infotech bolstering its position as a leading VAD with its commitment to excellence

The future of the IT industry in India is promising, with several trends and f...

Rashi Peripherals Expanding Solutions Portfolio and Entering New Territories for 360-Degree Growth

Rashi Peripherals Limited’s strategic viewpoints of value addition, innovati...

 PSU  Placeholder image

EESL encouraging e-mobility adoption across India  

Energy Efficiency Services Limited (EESL) is a Super Energy Service Co...

INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country 

IndianOil, a diversified, integrated energy major with presence in alm...

GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure  

Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2023 : HCL Technologies Limited   

HCL Technologies is a leader in innovation, and has a strong track record of ...

Most Trusted Brands 2023 : Cisco Systems India Pvt. Ltd.

Cisco is known to have made many acquisitions over the years and seeks for com...

Most Trusted Brands 2023 : Redington India Ltd.

Redington is a US$8.4 billion technology solution provider with a network of ...

 Value-Added Distribution  Value-Added Distribution

M. TECH SOLUTIONS (I) PVT. LTD.

M.Tech is a leading cyber security and network performance solutions ...

REDINGTON INDIA LIMITED

Redington (India) Limited operates in the IT product distribution busi...

SONATA INFORMATION TECHNOLOGY LIMITED

Sonata Software Limited is a leading Modernization engineering company...

 ITFORUM 2024  
 WIITF 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 EMINENT CIO's OF INDIA   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
 TECHNOLOGY DISRUPTION Placeholder image

Impacts of AI on cybersecurity

Impacts of AI on cybersecurity

Keep digital devices BOT free

Keep digital devices BOT free

Growing acceptance of TikTok, worries Facebook and Youtube

Growing acceptance of TikTok, worries Facebook and Youtube

Tech Mahindra collaborates with Google to launch Generative AI powered Email amplifAIer

Tech Mahindra collaborates with Google to launch Generative AI powered Email amplifAIer

 UNICORNS REVOLUTIONISING Placeholder image

Think and Learn private limited

Think and Learn private limited

ATHER ENERGY PRIVATE LIMITED

ATHER ENERGY PRIVATE LIMITED

Coforge Limited

Coforge Limited

Citiustech Healthcare Technology Private Limited

Citiustech Healthcare Technology Private Limited


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW