IBM researchers recently revealed they had discovered a remote code execution (RCE) vulnerability in Xiaomi's MIUI operating systems, which has since been patched.
Researchers spotted the bug months ago in multiple applications within Xiaomi's analytics package and privately disclosed the vulnerability to the Chinese smartphone maker in January 2016, IBM X-Force Application Security Research Team Leader Roee Hay said in a July 7 blog post.
The flaw exposed millions of devices to man-in-the–middle (MitM) attackers and could allow them to execute arbitrary code as a highly privileged Android system, the post said.
After Xiaomi was notified, the phone maker confirmed and classified vulnerability then provided IBM with details as to when a patch would be available.
The vulnerabilities were remediated by Xiaomi from MIUI Global Stable version 7.2 and users are encouraged to update their devices as soon as possible to ensure they aren't vulnerable.