Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim’s device.
With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share video, music, files, and apps across various devices.
With more than 500 million users, the SHAREit Android app was found vulnerable to a file transfer application’s authentication bypass flaw and an arbitrary file download vulnerability, according to a blog post RedForce researchers shared with The Hacker News.
The vulnerabilities were initially discovered over a year back in December 2017 and fixed in March 2018, but the researchers decided not to disclose their details until Monday “given the impact of the vulnerability, its big attack surface and ease of exploitation.”
“We wanted to give as many people as we can the time to update and patch their devices before disclosing such critical vulnerability,” said Abdulrahman Nour, a security engineer at RedForce.
images from Hacker News