In the event that you end up having the SHAREit application installed on your phone, you’ll certainly need to know about another report from the security firm Trend Micro about this specific Android application — which has unpatched security bugs that clearly have gone unfixed for a few months. As per the specialists, this implies that the Android version of this application could be utilized to hijack phones as well as to steal personal data.
Trend Micro says that the vulnerabilities in the Android version of the application, which has been downloaded more than 1 billion times, “can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution.” And while the issues haven’t been fixed as of the hour of this composition, Google has supposedly been told about the issues. It’s additionally essential to note — none of this applies to the IOS version of the application, per Trend Micro.
SHAREit, which allows you to share files with different clients who have this equivalent application on their phone, was named as quite possibly the most downloaded applications in 2019. Nevertheless, this new report says that the vulnerabilities that were found “can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app … In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.”
The issue would result from a noxious application or code installed on the Android gadget being referred to, which is the thing that could take advantage of the SHAREit vulnerabilities. Remembered for the Trend Micro report was a screenshot of the SHAREit Google Play Store page showing a latest application update on January 26 of this current year. As of Tuesday, February 16, in any case, the Google Play Store page for the application is showing that the application was updated on February 9.
“We decided to disclose our research three months after reporting this, since many users might be affected by this attack because the attacker can steal sensitive data,” Trend Micro’s Echo Duan and Jesse Chang wrote in their report.