![]() They can also potentially lead to Remote Code Execution (RCE). In the past, vulnerabilities that could be used to download and steal files from user's devices have also been associated with the app. Even though the app allows the transfer and download of various file types, such as the Android Package (APK), the vulnerability associated with this feature is most likely an accidental one. ![]() ![]() Official Statement Regarding Data Security Incident Google has provided an update stating that 80 of Android apps have adopted the HTTPS standard by default. HTTPS encrypts network traffic, preventing third parties from intercepting data from apps. SHAREit is one of the tens of Chinese mobile apps banned last year by India due to national security and privacy concerns. SHAREit app is a leading file sharing, content streaming and gaming platform. Cybersecurity firm Trend Micro reported on Monday that its researchers discovered some potentially serious vulnerabilities in the SHAREit app for Android, which has been installed from Google Play more than one billion times. Since its inception, billions of users have entrusted SHAREit to quickly and securely share their files. The security of our app and our users' data is of utmost importance to us. We are fully committed to protecting user privacy and security and adapting our app to meet security threats. On February 15, 2021, we became aware of a report by Trend Micro about potential security vulnerabilities in our app. We worked quickly to investigate this report, and on February 19, 2021, we released a patch to address the alleged vulnerabilities.Cybersecurity experts have discovered a popular Android app riddled with vulnerabilities has been download one billion times. An attacker can exploit the permissions on SHAREit mobile app to leak sensitive data and remotely execute malicious code. Cybersecurity company Trend Micro analysts, they have recently reported that they found several vulnerabilities in the Shareit application that we use. SHAREit is used to share files between Android users and devices. SHAREit is owned by Smart Media4U Technology Pte. in Singapore and was previously owned by Lenovo before it was spun off into its own company.Īccording to Trend Micro researchers, the flaw was reported nearly three months ago, but was still not patched as of the time of the report on Monday. “We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable,” wrote Echo Duan and Jesse Chang from the Trend Micro security team. The Trend Micro report describes the vulnerability details and built proof-of-concept (POC) code on how the malicious code can execute man-in-the-middle attacks and steal sensitive files. Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems June 24, 2022.Search for: Search Categories Categories Archives Archives For instance, Trend Micro found the developer specified a wide storage area root path (e.g., /data/data/ folder), which can be freely accessed by the malicious code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |