Security app pre-installed on more than 150 million devices by Xiaomi was suffering from multiple issues that could have allowed remote hackers to compromise Xiaomi smartphones. Xiaomi has now fixed the issues in the latest version of its Guard Provider app. The app was downloading antivirus signature updates through an unsecured HTTP connection, allowing man-in-the-middle attackers sitting on open WiFi network to intercept your device’s network connection and push malicious updates. Researchers successfully achieved remote code execution on the targeted Xiaomi device after exploiting four separate issues in two different SDKs.
Source: https://thehackernews.com/2019/04/xiaomi-antivirus-app.html