Content provider injection in Xiaomi stock browser

Summary:
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones was vulnerable to content provider injection, which allowed any third-party application to read the user’s browser history.

Vulnerable component:
com.android.browser.searchhistory

Drozer command:
run app.provider.query content://com.android.browser.searchhistory/searchhistory

PoC Image:

table_info.png

Fixing Timeline:

  • Reported to Xiaomi team on 2018-11-24
  • Bug reproduced by the team and fixed in the newer version.
  • Fix verified on 2018-12-27
  • CVE-2018-20523 assigned
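
For app developers who want to check their own builds for the same class of exposure, the following added example (not part of the original post and not Xiaomi's code) audits a decoded AndroidManifest.xml for exported providers that lack a signature-level read permission. It assumes the exposure comes from an exported provider with no read permission, which the post does not state explicitly; the manifest, package name and provider names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for illustration; not the Xiaomi browser's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.browser">
  <uses-sdk android:targetSdkVersion="27"/>
  <permission android:name="com.example.browser.READ_HISTORY"
      android:protectionLevel="signature"/>
  <application>
    <provider android:name=".SearchHistoryProvider"
        android:authorities="com.example.browser.searchhistory"
        android:exported="true"/>
    <provider android:name=".BookmarkProvider"
        android:authorities="com.example.browser.bookmarks"
        android:exported="true"
        android:readPermission="com.example.browser.READ_HISTORY"/>
    <provider android:name=".CacheProvider"
        android:authorities="com.example.browser.cache"/>
  </application>
</manifest>"""

def is_exported(provider, target_sdk):
    """Without android:exported, providers are exported only for targetSdk <= 16."""
    value = provider.get(ANDROID + "exported")
    if value is None:
        return target_sdk <= 16
    return value.lower() == "true"

def unprotected_read_providers(manifest_xml):
    """Return authorities of exported providers that any installed app can query."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # A missing targetSdkVersion is treated as 1, the most permissive default.
    target_sdk = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    # Only permissions declared in this manifest at signature level count as
    # protection; anything else is flagged for manual review.
    strong = {p.get(ANDROID + "name") for p in root.iter("permission")
              if "signature" in (p.get(ANDROID + "protectionLevel") or "")}
    findings = []
    for prov in root.iter("provider"):
        if not is_exported(prov, target_sdk):
            continue
        read_perm = prov.get(ANDROID + "readPermission") or prov.get(ANDROID + "permission")
        if read_perm not in strong:
            findings.append(prov.get(ANDROID + "authorities"))
    return findings

print(unprotected_read_providers(SAMPLE_MANIFEST))
```

Each authority it reports should either set `android:exported="false"` or require a signature-level `android:readPermission`.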
