New HeartBleed - is MIUI affected?

[foroul]

There were not too much communication about client side, but the OpenSSL HeartBleed bug can be exploited at client side too: a malicious website can reach all memory of the browser (including all previously used unencrypted passwords). Google say, some version of android 4.1.1 affected - unfortunately MIUI based on this version.

My question is simple: is MIUI affected or not?

 

[FalconX71]

Just test it! There are two tools in the playstore to test it! On my phone the tests has been positive. I am on a V5 (4.3.12).Has anyone a solution? Is it better to cut data transfer until it is patched?

Gesendet von meinem MI 2S mit Tapatalk

 

[redmaner]

My device is affected too. Bug has to be reported to Xiaomi.
If we are lucky they update the binary, can take weeks

 

[foroul]

It seems that MIUI v5 (4.4.4) uses OpenSSL 1.0.1c and vulnerable.

 

[qbert456]

And some worried about Chinese back doors on this rom....
Glad it's being fixed ASAP. Oh wait, it isn't

 

[foroul]

No, it can exploited at client side too. In that case server can read all data in browser memory: for example cookies and passwords for other websites

 

[charlie80]

Yes it is affected, see here http://xiaomi.eu/community/index.php?posts/204550

tested also with latest weekly release, same result

Sent from my MI 2S using Tapatalk

 

[FalconX71]

Version 4.5.9 is still infected. Has someone new infos to solve?

Gesendet von meinem MI 2S mit Tapatalk

 

[FalconX71]

Version 4.5.23 also! I can't understand that nobody is interested! Any statement from the devs? Solution? Hello!?

Gesendet von meinem MI 2S mit Tapatalk