CVE-2019-15470

Name of the Vulnerable Software and Affected Versions Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys

Description The issue allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device that can obtain signatureOrSystem permissions. The app enables a third-party app to use its open interface to record telephone calls to external storage.

Recommendations For the Xiaomi Redmi Note 6 Pro Android device, consider disabling the com.qualcomm.qti.callenhancement app until a patch is available to prevent other pre-installed apps from accessing its capabilities. Restrict access to the microphone audio recording feature to minimize the risk of unauthorized recording. Avoid using the device for sensitive conversations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.