We have reached out to Trend Micro for further comment, and we will update the story if we hear back. "We worked quickly to investigate this report, and on February 19, 2021, we released a patch to address the alleged vulnerabilities." 'We reported these vulnerabilities to the vendor, who has not responded yet,' Duan said today. This can also be used to write any files in the app’s data folder. MICRO SHAREIT 1B PLAY STORECIMPANUZDNET ANDROID Catalin Cimpanu / ZDNet: Trend Micro details an unpatched remote code execution bug in the Android version of SHAREit, an app with 1B+ Play Store downloads. Trend Micro details an unpatched remote code execution bug in the Android version of SHAREit, an app with 1B+ Play Store downloads that lets users share files Source: Trend Micro. "On February 15, 2021, we became aware of a report by Trend Micro about potential security vulnerabilities in our app," the company said in a statement to The Hacker News via email. The second emerging trend is that proven analytics solutions are replacing experimental initiatives. The developer of SHAREit told The Hacker News in an email over the weekend that it has released a patch to address the "alleged" flaws following the disclosure by Trend Micro researchers. Then on June 29, 2020, the Indian government banned SHAREit along with 58 other Chinese apps over concerns that these apps were engaging in activities that threatened "national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India." UPDATE In February 2019, two vulnerabilities were detected in the app that could allow attackers to bypass authentication, download arbitrary files, and pilfer files from Android devices.Ī pop-up from the fake Twitter app created to test the vulnerability SHAREit has courted a fair of security shortcomings in the past. Lastly, the app is also susceptible to what's called a man-in-the-disk (MitD) attack, which arises when careless use of "external storage" permissions opens the door to the installation of fraudulent apps and even causes a denial of service condition. Join our insightful webinar! Save My Seat! Zero Trust + Deception: Learn How to Outsmart Attackers!ĭiscover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.
0 Comments
Leave a Reply. |