New HeartBleed - is MIUI affected?

Discussion in 'Bugs' started by foroul, Apr 10, 2014.

  1. foroul

    foroulMembers

    Jul 13, 2013
    16
    1
    13
    Male
    #1foroul,Apr 10, 2014
    Last edited: Apr 10, 2014
    There were not too much communication about client side, but the OpenSSL HeartBleed bug can be exploited at client side too: a malicious website can reach all memory of the browser (including all previously used unencrypted passwords). Google say, some version of android 4.1.1 affected - unfortunately MIUI based on this version.

    My question is simple: is MIUI affected or not?
     
  2. FalconX71

    FalconX71Members

    Dec 4, 2013
    13
    4
    13
    Just test it! There are two tools in the playstore to test it! On my phone the tests has been positive. I am on a V5 (4.3.12).Has anyone a solution? Is it better to cut data transfer until it is patched?

    Gesendet von meinem MI 2S mit Tapatalk
     
  3. redmaner

    redmanertranslators.xiaomi.eu maintainer
    Staff Member

    Jan 12, 2013
    533
    547
    180
    Male
    The Netherlands
    My device is affected too. Bug has to be reported to Xiaomi.
    If we are lucky they update the binary, can take weeks
     
  4. foroul

    foroulMembers

    Jul 13, 2013
    16
    1
    13
    Male
    It seems that MIUI v5 (4.4.4) uses OpenSSL 1.0.1c and vulnerable.
     
  5. qbert456

    qbert456Members

    Feb 20, 2013
    517
    36
    65
    And some worried about Chinese back doors on this rom....
    Glad it's being fixed ASAP. Oh wait, it isn't
     
  6. cpasmoi

    cpasmoiStaff

    Sep 22, 2013
    355
    132
    67
    Male
    France
    #6cpasmoi,Apr 11, 2014
    Last edited: Apr 11, 2014
    isn't a server side vulnerability ?
     
  7. foroul

    foroulMembers

    Jul 13, 2013
    16
    1
    13
    Male
    No, it can exploited at client side too. In that case server can read all data in browser memory: for example cookies and passwords for other websites
     
    cpasmoi likes this.
  8. charlie80

    charlie80Members

    Nov 3, 2013
    35
    5
    18
    Dcoten likes this.
  9. FalconX71

    FalconX71Members

    Dec 4, 2013
    13
    4
    13
    #9FalconX71,May 13, 2014
    Last edited: May 20, 2014
    Version 4.5.9 is still infected. Has someone new infos to solve?

    Gesendet von meinem MI 2S mit Tapatalk
     
  10. FalconX71

    FalconX71Members

    Dec 4, 2013
    13
    4
    13
    Version 4.5.23 also! I can't understand that nobody is interested! Any statement from the devs? Solution? Hello!?

    Gesendet von meinem MI 2S mit Tapatalk
     
  11. cpasmoi

    cpasmoiStaff

    Sep 22, 2013
    355
    132
    67
    Male
    France
    i don't care too :p
     

Share Our Site