Xiaomi Mi6 Browser is prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user. Failed exploits will result in denial-of-service conditions.
Xiaomi Browser version prior to 10.4.0 are vulnerable.
Exploitation of this issue was demonstrated at the Pwn2own contest, but the exploit is not publicly available.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Bugtraq ID: | 109138 |
Class: | Input Validation Error |
CVE: | CVE-2019-13322 |
Remote: | Yes |
Local: | No |
Published: | Jul 12 2019 12:00AM |
Updated: | Jul 12 2019 12:00AM |
Credit: | MWR Labs - Georgi Geshev and Robert Miller |
Vulnerable: | Xiaomi Inc. Mi Browser 10.3.6 Xiaomi Inc. Mi 6 0 |
Not Vulnerable: | Xiaomi Inc. Mi Browser 10.4 |
References:
from SecurityFocus Vulnerabilities https://ift.tt/2l9Osi4
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.