Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware
2021-02-21 20:56

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution.

The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices.

One of the flaws arises from the way the app facilitates file sharing, potentially allowing any third party to gain temporary read/write access permissions and exploit them to overwrite existing files in the app's data folder.

Lastly, the app is also susceptible to what's called a man-in-the-disk attack, which arises when careless use of external storage permissions opens the door to the installation of fraudulent apps and even causes a denial-of-service condition.

In February 2019, two vulnerabilities were detected in the app that could allow attackers to bypass authentication, download arbitrary files, and pilfer files from Android devices.

Then on June 29, 2020, the Indian government banned SHAREit along with 58 other Chinese apps over concerns that these apps were engaging in activities that threatened "National security and defence of India, which ultimately impinges upon the sovereignty and integrity of India."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/H3XKnxBOOpI/unpatched-shareit-android-app-flaw.html