PT-2020-20720 · Xiaomi · Getapps+1

Fluoroacetate

Published: 2020-03-06

Updated: 2021-07-21

CVE-2020-9530

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xiaomi MIUI versions prior to 11.0.1.54
GetApps (com.xiaomi.mipicks) versions prior to 2001122

Description

An issue was discovered in the export component of GetApps, which mishandles the functionality of opening other components. Attackers can induce users to open specific web pages in a specific network environment, leading to information leakage. This occurs when the WebView component of Messaging is loaded with malicious web pages.

Recommendations

For Xiaomi MIUI versions prior to 11.0.1.54, update to version 11.0.1.54 or later to resolve the issue. For GetApps (com.xiaomi.mipicks) versions prior to 2001122, update to version 2001122 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebView component of Messaging to minimize the risk of exploitation.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2020-9530
ZDI-20-289

Affected Products

Getapps
Miui