Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!


By MYBRANDBOOK


Are you using a Xiaomi's Mi or Redmi smartphone... Immediately stop using MI browser!

Are you using a Xiaomi's Mi or Redmi smartphone ??

Be alert !!! 

Immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. Because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told on a report.

 

The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar. According to the advisory, affected browsers are not properly handling the "q" query parameter in the URLs, thus fail to display the portion of an https URL before the ?q= substring in the address bar. Since the address bar of a web browser is the most reliable and essential security indicator, the flaw can be used to easily trick Xiaomi users into thinking they are visiting a trusted website when actually being served with a phishing or malicious content, as shown in the video demonstration below.

 

The phishing attacks today are more sophisticated and increasingly more difficult to spot, and this URL spoofing vulnerability takes it to another level, allowing one to bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a site is fake.

 

< p align="justify">Here’s how attackers can spoof URLs on Mint or MI Browser:

 

Just add "?q=" parameter after any URL following the targeted domain,

 

Example → https://t.co/WyxUCwg8OO

 

Xiaomi browsers will display "https://t.co/oMypZM6lQW" in the URL while loading the content from phishing site. pic.twitter.com/Ex6u4cxNRY

 

The researcher also confirmed on a report that the issue only affects the international variants of both the web browsers, though the domestic versions, distributed with Xiaomi smartphones in China, do not contain this vulnerability.

 

 

Another interesting though weird thing is that upon reporting the issue, Xiaomi rewarded the researcher with a bug bounty, but left the vulnerability unpatched.

 

"The vulnerability impacts millions of users globally yet the bounty offered as such was, $99 (for Mi Browser) and another $99 (for Mint Browser)," the researcher said.

 

"I would like to inform you that as of there is no official update regarding the issue. However, would request you to stay connected with the forum page for further details in this regards," the company said.

 

This is the second recently-disclosed severe issue that researchers have identified in pre-installed apps on more than 150 million Android devices manufactured by Xiaomi.

 

 

Android users are highly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.

 

Besides this, if you are using Microsoft Edge or Internet Explorer browser on your desktop, you should also avoid using them since both browsers also contain a critical vulnerability which has not yet been patched by the tech giant.
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

Contact-less Technology to Bring Revolution In This Pandemic Era
Digital Strategies Focuses On Technology To Improve Business Performance
How Work From Home Brings Various Security Challenges
The rising risk of insider threats in the remote workforce
CIO’s should have the understanding "Jugaad" to overcome technology challenges
 INTERVIEWS  Placeholder image
Bolstering its commitment to help build a truly self-reliant B

Bolstering its commitment to help build a truly self-reliant B

Cisco building a trusted and resilient future for the nation

Cisco building a trusted and resilient future for the nation

Security is foundational to everything Cisco does and customers insist on e
Autodesk continually pushing the boundaries in the Design and

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte
 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
ALPHAMAX TECHNOLOGIES PVT. LTD.

ALPHAMAX TECHNOLOGIES PVT. LTD.


TP-LINK INDIA PVT. LTD.

TP-LINK INDIA PVT. LTD.


BHARAT ELECTRONICS LTD.

BHARAT ELECTRONICS LTD.


FIRE BOLTT

FIRE BOLTT


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

GAINING CUSTOMERS’ TRUST IS ESSENTIAL FOR SMOOTH OMNICHANNEL INTERACTIONS

In the fiscal year 2024-25, our organization has i...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

PRIORITIZING APPROPRIATE DATA MANAGEMENT AND ETHICAL AI IS THE NEED OF THE HOUR

For us, cultivating customer trust amidst for that...

 ICONS OF INDIA  Placeholder image

Icons Of India : Debjani Ghosh

Debjani Ghosh is the President of the National Association of Software...

ICONS OF INDIA : RITESH AGARWAL

Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...

Icons Of India : AALOK KUMAR

Aalok Kumar is celebrated as a global leader and recipient of the Peop...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Ingram Micro Xvantage Strengthening Partners To Do More In The Digital Era

ngram Micro Xvantage offers a wide range of benefits for partners, such as a s...

PASS Audit – The differentiating facet

Futurenet Technologies collects feedback from customers, vendors and social me...

Delivering Innovative Solutions To Address Customer Challenges

Data plays a crucial role in Shivaami Cloud’s brand strategy. It leverages a...

 PSU  Placeholder image

DRDO - Defence Research and Development Organisation 

DRDO responsible for the development of technology for use by the mili...

IOCL - Indian Oil Corporation Ltd.  

IOCL is India’s largest oil refining and marketing company ...

NPCI - National Payments Corporation of India  

NPCI is an umbrella organization for operating retail payments and set...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024 : Adobe Inc. 

Adobe Creative Cloud is a comprehensive suite of desktop and mobile apps for d...

Most Trusted Brands 2024 : Redington Ltd. 

Redington positions itself as a bridge between global technology brands and re...

Most Trusted Brands 2024: TATA CONSULTANCY SERVICES LTD. (TCS)

TCS, a global leader in IT services, consulting, and business solutions, has b...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex

Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...

Indian Tech Talent Excelling The Tech World - Anirudh Devgan , President, Cadence Design

Anirudh Devgan, the Global President and CEO of Cadence Design Systems...

Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM

Arvind Krishna, an Indian-American business executive, serves as the C...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

Women have significantly transformed the narrative debate on women empowerment

Women have significantly transformed the narrative debate on women empowerment

Cloud Security Failures

Cloud Security Failures

Vertiv to facilitate 5G rollout with its new NetSure IPE outdoor rectifier

Vertiv to facilitate 5G rollout with its new NetSure IPE outdoor rectifier

OneWeb successfully deploys 40 satellites launched by SpaceX

OneWeb successfully deploys 40 satellites launched by SpaceX

 UNICORNS REVOLUTIONISING Placeholder image

NoBroker Technologies Solutions Pvt Ltd.

NoBroker Technologies Solutions Pvt Ltd.

Freshworks Inc.

Freshworks Inc.

KRUTRIM 

KRUTRIM 

Fashnear Technologies Private Limited

Fashnear Technologies Private Limited


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW