You might want to stop using ShareIt until its vulnerabilities are patched
- Popular app ShareIt has been found to harbor several vulnerabilities.
- These vulnerabilities could be abused by malicious actors to perform remote attacks.
Popular Android file sharing app ShareIt has several vulnerabilities that could lead to the abuse of a user’s data. This according to security firm TrendMicro‘s findings issued in a recent report.
The vulnerabilities detailed could theoretically grant a remote attacker the ability to access and manipulate data on a user’s device using ShareIt’s permissions.
The security firm demonstrates that attackers could use ShareIt’s trusted functions to run malicious commands or install third-party apps. The security flaws could also allow an attacker to replace other apps’ resources on a user’s device, seemingly swapping a legitimate app for a bogus replacement.
ShareIt vulnerabilities, patches, and alternatives
TrendMicro alerted ShareIt’s developer to the issues three months ago, but no patch has been issued yet. The company has also alerted Google of the issues. We’ve reached out to the app’s developers and will update this article if/when we receive a response.
ShareIt is one of the Google Play Store’s most popular apps. Downloaded over a billion times, the app allows users to transfer and share files and links to others. ShareIt was also among the 60 Chinese-developed apps banned in India late last year.
Per its Play Store listing, the app was last updated on February 9, but the update’s changelog fails to mention a patch for the disclosed vulnerabilities. The app remains available to download at the time of writing.
For now, it’s probably a good idea to guard against using ShareIt until the flaws are addressed. Until then, there are a host of alternatives. If you need to transfer files to other Android devices, Nearby Share is an excellent built-in alternative. Files by Google also offers similar functionality. Additionally, there are a number of handy apps for transferring files to your PC if need be.
from Android Authority https://ift.tt/2NA9mFm
No comments