Cybersecurity researchers have disclosed details of a new vulnerability impacting Google’s Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target’s device without their approval.
The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by SafeBreach Labs in August 2024 under the name QuickShell. It has been addressed in Quick Share for Windows version 1.0.2002.2 following responsible disclosure in August 2024.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
A consequence of these 10 vulnerabilities, collectively tracked as CVE-2024-38271 (CVSS score: 5.9) and CVE-2024-38272 (CVSS score: 7.1), was that they could have been fashioned into an exploit chain to obtain arbitrary code execution on Windows hosts.
Quick Share (previously Nearby Share) is a peer-to-peer file-sharing utility similar to Apple AirDrop that allows users to transfer files, photos, videos, and other documents between Android devices, Chromebooks, and Windows desktops and laptops in close physical proximity.
A follow-up analysis by the cybersecurity company found that two of the vulnerabilities were not fixed correctly, once again causing the application to crash or bypass the need for a recipient to accept the file transfer request by directly transmitting a file to the device.
Specifically, the DoS bug could be triggered by using a file name that starts with a different invalid UTF8 continuation byte (e.g., “\xc5\xff”) instead of a file name that begins with a NULL terminator (“\x00”).
On the other hand, the initial fix for the unauthorized file write vulnerability marked such transferred files as “unknown” and deleted them from the disk after the file transfer session was complete.
This, SafeBreach researcher Or Yair said, could be circumvented by sending two different files in the same session with the same “payload ID,” causing the application to delete only one of them, leaving the other intact in the Downloads folder.
“While this research is specific to the Quick Share utility, we believe the implications are relevant to the software industry as a whole and suggest that even when code is complex, vendors should always address the real root cause of vulnerabilities that they fix,” Yair said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices