Security News > 2024 > August > Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution chain on systems that have the software installed.

"The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices," SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News.

"By investigating how the protocol works, we were able to fuzz and identify logic within the Quick Share application for Windows that we could manipulate or bypass."

The result is the discovery of 10 vulnerabilities - nine affecting Quick Share for Windows and one impacting Android - that could be fashioned into an "Innovative and unconventional" RCE attack chain to run arbitrary code on Windows hosts.

The issues have been addressed in Quick Share version 1.0.1724.0 and later.

Quick Share, formerly Nearby Share, is a peer-to-peer file-sharing utility that allows users to transfer photos, videos, documents, audio files or entire folders between Android devices, Chromebooks, and Windows desktops and laptops in close proximity.

News URL

https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html