PT-2020-20721 · Xiaomi · Miui

Published 2020-03-06 · Updated 2022-01-01 · CVE-2020-9531

CVSS v3.1: 7.3 High

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Xiaomi MIUI versions prior to 2001122

Description

An issue was discovered in the Web resources of GetApps (com.xiaomi.mipicks), where parameters passed in are read and executed. After reading the resource files, the relevant components open the link given by the incoming URL, and the data carried in its parameters is loaded and executed. An attacker who gets close enough to a user's unlocked phone with NFC tools can exploit this, potentially causing apps to be installed and information to be leaked.

Recommendations

For versions prior to 2001122, update to version 2001122 or later to resolve the issue. As a temporary workaround, consider restricting the use of the GetApps feature until a patch is applied. Avoid using NFC tools near unlocked devices to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2020-9531
ZDI-20-287
ZDI-20-288

Affected Products

Miui