It would definitely be better to add ip/domains to the firewall (iptables) than to adblock. If you have full list of ip/domains - please share for other users.

Right, using iptables makes sense!
I might still block domains with adblock, and make a script to retrieve each IP associated with those domains (+ static ips), and drop them in iptables (and maybe add this to a cron?). Does that sound good to you?

Here is the list I've gathered for now, but it's not a complete list at all:
https://dpaste.com/CRDHZXZAQ
If you're interested maybe we should create a git or something

I think there's no right answer.... As there might also be exploits in the latest Chinese version on purpose
But if you trust Xiaomi support you should probably go with the official updates (thus xqrepack as the post mentioned)