Application security, Threat Management
Security bugs left unpatched in Android app with one billion downloads
Trend Micro reports that the Android version of popular file-sharing app SHAREit has vulnerabilities that its developers have failed to patch for the last three months, according to ZDNet. The bug leaves smartphones with the app, which has had more than 1 billion downloads, open to malicious code introduced by attackers. Analyst Echo Duan says the flaw lies in the absence of restrictions on who can access the app’s code, which allows attackers attempting a person-in-the-middle network attack to hijack the app through malicious commands and from there run custom code, change local files or install their own apps. The app is also vulnerable to Man-in-the-Disk attacks that threat actors can exploit, according to researchers. Duan said they informed SHAREit of the vulnerabilities three months before disclosing their research but got no response. Google was also informed of the group’s findings, but Duan declined to share the company’s response.