Vishwaraj Bhattrai

just another infosec enthusiast

Content provider injection in Xiaomi stock browser

Summary:
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones was vulnerable to content provider injection, through which any third-party application can read the user's browser history.

Vulnerable component:
com.android.browser.searchhistory

Drozer command:
run app.provider.query content://com.android.browser.searchhistory/searchhistory

PoC image:

table_info.png

Fixing Timeline:

  • Reported to Xiaomi team on 2018-11-24
  • Bug reproduced by the team and fixed in the newer version.
  • Fix verified on 2018-12-27
  • CVE-2018-20523 assigned
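
For app developers checking their own builds for the same exposure, here is an added example (not from the original post and not Xiaomi's code): an audit of a decoded AndroidManifest.xml that lists providers any installed app can query without holding a permission, which is the condition the Drozer query above depends on. The manifest, package name, provider names and permission name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest (hypothetical app): one open, one guarded, one private provider.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser">
  <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="27"/>
  <application>
    <provider android:name=".SearchHistoryProvider"
              android:authorities="com.example.browser.searchhistory"
              android:exported="true"/>
    <provider android:name=".BookmarkProvider"
              android:authorities="com.example.browser.bookmarks"
              android:exported="true"
              android:readPermission="com.example.browser.READ_DATA"/>
    <provider android:name=".CacheProvider"
              android:authorities="com.example.browser.cache"
              android:exported="false"/>
  </application>
</manifest>"""

def is_exported(provider, target_sdk):
    """Providers without android:exported default to exported when targetSdkVersion <= 16."""
    value = provider.get(A + "exported")
    if value is None:
        return target_sdk <= 16
    return value.lower() == "true"

def audit_providers(manifest_xml):
    """Return authorities of providers other apps can read without any permission."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = 1  # Android's default when no SDK version is declared
    if sdk is not None:
        target = int(sdk.get(A + "targetSdkVersion", sdk.get(A + "minSdkVersion", "1")))
    findings = []
    for p in root.iter("provider"):
        guard = p.get(A + "readPermission") or p.get(A + "permission")
        if is_exported(p, target) and not guard:
            findings.append(p.get(A + "authorities"))
    return findings

if __name__ == "__main__":
    for authority in audit_providers(SAMPLE_MANIFEST):
        print("readable by any app: content://%s" % authority)
```

A declared permission only closes the gap if other apps cannot simply request it: a permission with the normal protection level is granted to any app that asks, so a signature-level permission or `android:exported="false"` is the safer fix for private data such as history.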

 
