Vulnerability Abstract

Title: Vulnerability in MiTalk (米聊) for Android
Time: 05 Dec 2011
Author: Daoyuan Wu*, Xiapu Luo* and Rocky K. C. Chang
Department of Computing, The Hong Kong Polytechnic University, Hong Kong
* authors with equal contributions
CVE ID: CVE-2011-4697
Category: Newly Released
Related Vendor: Xiaomi Inc.

Application Information

Archive Time: December 5, 2011 HKT
Package Name: com.xiaomi.channel
Full Name: MiTalk Messenger (“米聊” in Chinese)
Affected Version: 1.0, 2.1.280 and 2.1.310 (the latest version as of 05 Dec 2011)
Package Installs: 100,000 - 500,000
Market Link: https://market.android.com/details?id=com.xiaomi.channel

Vulnerability Details

Status: Brief impact description now released to the public.
Brief Description: Allows a malicious application to access and manipulate the user’s sensitive contacts, SMS, etc.

Vendor Response

Contact Time: The vendor patched the vulnerability in version 2.1.320 on December 9, 2011, before we tried to contact them.
Confirm Time: No longer maintained
Patched Time: December 9, 2011 HKT
Patched Status: The vulnerability has been patched in version 2.1.320.

Important Notes

Although we mention only one or several affected versions in our report, other versions may also be vulnerable, e.g. lower versions, pad versions or paid versions.

Related Vulnerabilities