A remote code execution (RCE) chain might be initiated on machines running the program by combining up to ten security weaknesses that have been discovered in Google’s Quick Share data transfer tool for Windows and Android.
Up to ten security holes that might be combined to launch a remote code execution (RCE) chain on computers running the program have been found in Google’s Quick Share data transfer app for Windows and Android.
Researchers from SafeBreach Labs, Or Yair, and Shmuel Cohen stated in a technical paper provided that “the Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices.”
“By investigating how the protocol works, we were able to fuzz and identify logic within the Quick Share application for Windows that we could manipulate or bypass.”
Ten vulnerabilities have been found as a result, nine of which affect Quick Share for Windows and one of which affects Android. These vulnerabilities may be used to create an “innovative and unconventional” RCE attack chain that would allow the execution of arbitrary code on Windows hosts. QuickShell is the codename given to the RCE attack chain.
Six remote denial-of-service (DoS) vulnerabilities, two unauthorized file write defects found in both the Windows and Android versions of the software, one directory traversal issue, and one forced Wi-Fi connection instance are among the flaws.
Versions 1.0.1724.0 and later of Quick Share have fixed the issues. Google is monitoring the vulnerabilities together under the following two CVE identifiers:
Vulnerability CVE-2024-38271 (CVSS score: 5.9) requires a victim to maintain a temporary Wi-Fi connection made for sharing.
CVE-2024-38272, with a 7.1 CVSS score, is a flaw in Windows that lets an attacker avoid the accept file dialog.
A peer-to-peer file-sharing tool called Quick Share (previously Nearby Share) enables users to move data—including documents, audio files, movies, and entire folders—between Android smartphones, Chromebooks, and Windows desktops and laptops that are in close proximity to one another. Both devices need to be turned on for Bluetooth and Wi-Fi and be within 5 meters (16 feet) of one another.
In summary, the vulnerabilities found might be leveraged to force the Windows application to crash, traverse pathways to the user’s folder, reroute traffic to a Wi-Fi access point controlled by the attacker, and remotely write files into devices without authorization.
More significantly, though, the researchers discovered that they could start a sequence of events that would eventually result in remote code execution by coercing the target device into connecting to an alternate Wi-Fi network and generating files inside the Downloads folder.
The results are the result of a more thorough examination of the protobuf-based proprietary protocol and the logic behind the system. They were initially presented today at DEF CON 32. They are important, if nothing else, because they show how well-known, seemingly innocuous problems can allow for a successful compromise and, when paired with other weaknesses, can present dangerous hazards.
“This research reveals the security challenges introduced by the complexity of a data transfer utility attempting to support so many communication protocols and devices,” the company stated in a statement. “It also underscores the critical security risks that can be created by chaining seemingly low-risk, known, or unfixed vulnerabilities together.”
Also read: Achieving Rapid Outcomes with AI-Driven Cloud Analytics
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.