Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs

EXCLUSIVE — Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately update its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices.
That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a researcher told The Hacker News.
The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser's interface, allowing a malicious website to control URLs displayed in the address bar.

Update (08/04/2019) — Another spokesperson for Xiaomi today confirmed The Hacker News that the above-mentioned publicly disclosed vulnerability has now been patched in the latest version of both browser apps released late last week.
"The bug was a result of an additional functionality to improve user experience by hiding the URL and only displaying the search term," the spokesperson says.
"While this was intended to work only with specific URLs, it worked for some other URLs which followed a similar regular pattern. The issue has since been resolved and an update is being rolled out to all users."

Source: https://thehackernews.com/2019/04/xia...

Want to join the Penetration Testing community? Join our Discord server!
https://discordapp.com/invite/rrRQGnJ

Do you enjoy the content on this channel? YouTube ad revenue is virtually non-existent so please consider funding Penetration Testing via Patreon:
https://www.patreon.com/penetrationte...

Facebook Page: https://www.facebook.com/kaliforensics

Pinterest: https://www.pinterest.com/penetration...

Instagram: https://www.instagram.com/penetration...

Google+: https://plus.google.com/b/10053333383...

Thanks For Watching....

Like Share & Subscribe.....