crmtriada.blogg.se

4 Oktober 2022 - 10:02
Shareit app
Allmänt
Shareit app










shareit app
  1. #Shareit app install#
  2. #Shareit app update#
  3. #Shareit app for android#
  4. #Shareit app android#
  5. #Shareit app code#

ShareIt's incredible success of a billion Android downloads and 1.8 billion users worldwide (there are also iOS, Windows, and Mac apps) has led to what looks like an incredible amount of app bloat. The security firm says it shared these vulnerabilities with ShareIt three months ago, but the company has yet to issue patches.

#Shareit app code#

Trend Micro says compromising the app can lead to remote code execution. It can delete apps, run at startup, create accounts and set passwords, and do a whole lot more. According to the Play Store permissions readout, ShareIt requests access to the entire user storage and all media, the camera and microphone, and location. The report says ShareIt's vulnerabilities can "be abused to leak a user's sensitive data and execute arbitrary code with ShareIt permissions." ShareIt's permissions, as a local file-sharing app, are pretty extensive. ShareIt has been downloaded over a billion times from the Play Store, and, according to App Annie, was one of the 10 most globally downloaded apps in 2019. The app was originally developed by Lenovo (it has since spun off into its own company) and for a time was pre-installed on Lenovo phones. Researchers at IOActive discovered the flaws that an attacker can abuse to elevate to admin privileges by taking advantage of a weakness in a password-generation algorithm to guess the username and password of a temporary administrator account.Trend Micro says it has found "several" security flaws in the popular Android app ShareIt.

#Shareit app update#

In November, the vendor patched two privilege escalation vulnerabilities in its Lenovo System Update service.

#Shareit app install#

But some Lenovo users discovered that even after reinstalling a fresh version of Windows, the LSE software reinstalls itself and prompts users to install another piece of software. The Lenovo Service Engine that collects some system information and sends it to Lenovo at the time the machine connects to the Internet. Lenovo has certainly had its share of security difficulties starting close to a year ago with the disclosure of the Superfish pre-installed adware that paved the way to man-in-the-middle attacks.Īnother rootkit-like utility was discovered in August. “An attacker could connect to that HotSpot and capture the information transferred between those devices,” Core Security said. The final vulnerability affects only the Android version of the app, which when configured to receive files, it does so over a Wi-Fi hotspot that is created by the app without a password. “An attacker that is able to sniff the network traffic could to view the data transferred or perform man in the middle attacks, for example by modifying the content of the transferred files,” Core Security said. Worse, the Lenovo app-both the Windows and Android version-transferred files in plain text over HTTP. “When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit,” Core Security said in its advisory, and also shared the request used to carry out the attack. The updated app removes that default password, but not before it opened the door to another hole that could allow attackers to remotely browse a device’s file system. Core Security said that when the app is configured to receive files from devices, it sets up a Wi-Fi hotspot with the same 12345678 password every time. The most pressing issue is the hard-coded password in the Windows version of the app.

#Shareit app for android#

“Lenovo SHAREit for Windows and Android are prone to multiple vulnerabilities which could result in integrity corruption, information leak and security bypasses,” Core Security wrote in its advisory published today Lenovo SHAREit for Android 3.0.18_ww and Lenovo SHAREit for Windows 2.5.1.1 are vulnerable, the researchers said. The app allows users to share files over Wi-Fi between PCs and mobile devices. The flaws were found in in the Lenovo ShareIT application for Android and Windows by researchers at Core Security’s CoreLabs. Lenovo today has patched a number of vulnerabilities that jeopardize private data, which are largely enabled by a simple hard-coded password in a freely available file-sharing application.












Shareit app
0 kommentar(er)
Om Mig: