CVE-2024-45353
📋 TL;DR
This CVE describes an intent redirection vulnerability in Xiaomi's Quick App framework that allows attackers to redirect app intents to malicious components. It affects Xiaomi devices using the vulnerable Quick App framework version. Attackers could potentially launch unauthorized activities or access sensitive app functions.
💻 Affected Systems
- Xiaomi Quick App Framework
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect app intents to malicious components, potentially leading to unauthorized activity launches, data exposure, or privilege escalation within the Quick App framework context.
Likely Case
Limited impact within the Quick App sandbox, potentially allowing attackers to redirect to other Quick Apps or framework components with elevated permissions.
If Mitigated
Minimal impact if proper app sandboxing and intent validation are enforced by the Android OS and framework.
🎯 Exploit Status
Exploitation requires the attacker to have some level of access to trigger the intent redirection, likely through a malicious Quick App or compromised app.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory
Vendor Advisory: https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=551
Restart Required: Yes
Instructions:
1. Check for system updates in device settings.
2. Install latest MIUI/Android updates from Xiaomi.
3. Update Quick App framework through official Xiaomi channels.
4. Restart device after updates.
🔧 Temporary Workarounds
Disable Quick App Framework
Android: Temporarily disable the Quick App framework to prevent exploitation
Navigate to Settings > Apps > Manage Apps > Quick App Framework > Disable
Restrict App Installations
Android: Only install apps from trusted sources like Google Play Store
Navigate to Settings > Security > Install unknown apps > Disable for all apps
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks
- Monitor for unusual Quick App framework activity
🔍 How to Verify
Check if Vulnerable:
Check Quick App framework version in device settings under Apps > Manage Apps > Quick App Framework
Check Version:
Not applicable - check through device settings UI
Verify Fix Applied:
Verify system is updated to latest MIUI version and Quick App framework shows recent update date
📡 Detection & Monitoring
Log Indicators:
- Unusual intent redirection attempts in Quick App framework logs
- Unexpected activity launches from Quick Apps
Network Indicators:
- Unusual network connections originating from Quick App processes
SIEM Query:
Not applicable for typical mobile device deployments