Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...

CVE-2019-15234

SHAREit through 4.0.6.177 does not check the full message length from the received packet header which is used to allocate memory for the next set of data. This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941...

CVE-2019-9938

The SHAREit application before 4.0.42 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The...

CVE-2019-9939

The SHAREit application before 4.0.36 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requeste...