MIUI is the flavour of Android (currently based on Android 6.0) developed by Xiaomi.
Kaplan says that Xiaomi has been informed about the flaw and the flaw has since been patched.
IBM researchers found a vulnerability in the way Xiaomis MIUI handles updates.
The flaw allows a potential hacker to execute code on a target equipment via a MitM attack.
This attack also involves code injection inside the update framework.
All applications with the analytics package are vulnerable to remote code execution via MitM.
The matter is further exacerbated by the fact that there are no checks to verify the downloaded updates.
If you are a Xiaomi smartphone/tablet owner, you should modernize your smartphone to MIUI version 7.2 immediately.
source: www.techworm.net
