Researchers have discovered 10 flaws in Google’s Quick Share file transfer tool

August 10, 2024 | Ravi Lakshmanan | Vulnerability / Mobile Security

Ten security flaws were discovered in Google's Quick Share, a data transfer utility for Android and Windows, that can be combined to run a remote code execution (RCE) chain on systems where the software is installed.

“The Quick Share app implements its own application-level communication protocol to support file transfers between nearby compatible devices,” SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News.

“By investigating how the protocol works, we were able to explain and identify logic within the Quick Share Windows application that we can manipulate or bypass.”

The result revealed 10 vulnerabilities — nine affecting Quick Share for Windows and one affecting Android — that could be turned into an “innovative and unconventional” RCE attack chain to run arbitrary code on Windows hosts. The RCE attack chain is codenamed QuickShell.

The flaws comprise six remote denial-of-service (DoS) flaws, two unauthorized file write bugs (one each in the Android and Windows versions of the software), one directory traversal, and one case of forced Wi-Fi connection.

The issues were resolved in Quick Share version 1.0.1724.0 and later. Google jointly tracks the flaws under the two CVE IDs below –

  • CVE-2024-38271 (CVSS Score: 5.9) – Vulnerability that causes a victim to remain connected to a temporary Wi-Fi connection created for sharing
  • CVE-2024-38272 (CVSS Score: 7.1) – Vulnerability that allows an attacker to bypass the file acceptance dialog box in Windows

Quick Share, formerly Nearby Share, is a peer-to-peer file sharing utility that allows users to transfer photos, videos, documents, audio files, or entire folders between nearby Android devices, Chromebooks, and Windows desktops and laptops. Both devices must be within 5 m (16 ft) of each other with Bluetooth and Wi-Fi enabled.

In a nutshell, the discovered flaws can be used to remotely write files to devices without permission, force the Windows app to crash, redirect its traffic to an attacker-controlled Wi-Fi access point, and traverse paths to the user's folder.

But more importantly, the researchers found that the ability to force a target device to connect to a different Wi-Fi network and create files in the Downloads folder could be combined to initiate a chain of steps that would eventually lead to remote code execution.
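
A receiver-side sketch of the two file-handling flaw classes named above (files written without the user's approval, and directory traversal out of the download folder), added here as an example and not taken from the article or from Quick Share's code. `ReceiveSession`, its states and its method names are hypothetical, and the file name in the demo is constructed.

```python
from enum import Enum, auto
from pathlib import Path, PureWindowsPath


class State(Enum):
    OFFERED = auto()    # peer announced a file, user has not decided yet
    ACCEPTED = auto()   # user explicitly approved the transfer
    REJECTED = auto()


class TransferError(Exception):
    """Raised when a transfer violates the receive policy."""


class ReceiveSession:
    """Hypothetical receiver; not Quick Share's real protocol or API."""

    def __init__(self, downloads: Path, offered_name: str):
        self.downloads = downloads.resolve()
        self.offered_name = offered_name
        self.state = State.OFFERED

    def user_decision(self, accepted: bool) -> None:
        # Only a local UI action may change state, never a peer message.
        self.state = State.ACCEPTED if accepted else State.REJECTED

    def safe_target(self) -> Path:
        # Final path component, treating both / and \ as separators.
        name = PureWindowsPath(self.offered_name.replace("/", "\\")).name
        if (name != self.offered_name or name in ("", ".", "..")
                or ":" in name or "\x00" in name):
            raise TransferError(f"unusable file name: {self.offered_name!r}")
        target = (self.downloads / name).resolve()
        # Second check: the resolved path (symlinks included) stays in Downloads.
        if target.parent != self.downloads:
            raise TransferError("target escapes download directory")
        return target

    def write_payload(self, data: bytes) -> Path:
        if self.state is not State.ACCEPTED:
            raise TransferError("payload received before user acceptance")
        target = self.safe_target()
        with open(target, "xb") as fh:  # "x": never overwrite an existing file
            fh.write(data)
        return target


if __name__ == "__main__":
    import tempfile
    s = ReceiveSession(Path(tempfile.mkdtemp()), "..\\..\\evil.bat")  # constructed
    s.user_decision(True)
    try:
        s.write_payload(b"demo")
    except TransferError as exc:
        print("blocked:", exc)
```
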

The findings, presented for the first time at DEF CON 32 today, are the culmination of a deeper analysis of the Protobuf-based proprietary protocol and the logic behind the system. They are important not least because they highlight how seemingly innocuous known problems can open the door to a successful compromise and can present serious risks when combined with other weaknesses.

“This research exposes the security issues associated with the complexity of a data transfer utility that tries to support so many communication protocols and devices,” SafeBreach Labs said in a statement. “It also highlights the critical security risks that can arise from chaining together seemingly low-risk, known or unpatched vulnerabilities.”
