CVE-2023-26324

Name of the Vulnerable Software and Affected Versions XiaomiGetApps (affected versions not specified)

Description A code execution vulnerability exists in the XiaomiGetApps application product, caused by the verification logic being bypassed. An attacker can exploit this vulnerability to execute malicious code. The exploitation involves opening a URL in WebView, injecting JavaScript, executing JavaScript Interface functions from vulnerable GetApps to install and launch payload, and getting shell.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.