As many as 10 security flaws have been uncovered in Google’s Fast Share information switch utility for Android and Home windows that might be assembled to set off distant code execution (RCE) chain on techniques which have the software program put in.
“The Fast Share software implements its personal particular application-layer communication protocol to help file transfers between close by, appropriate gadgets,” SafeBreach Labs researchers Or Yair and Shmuel Cohen stated in a technical report shared with The Hacker Information.
“By investigating how the protocol works, we have been in a position to fuzz and determine logic inside the Fast Share software for Home windows that we may manipulate or bypass.”
The result’s the invention of 10 vulnerabilities – 9 affecting Fast Share for Home windows and one impacting Android – that might be common into an “modern and unconventional” RCE assault chain to run arbitrary code on Home windows hosts. The RCE assault chain has been codenamed QuickShell.
The shortcomings span six distant denial-of-service (DoS) flaws, two unauthorized recordsdata write bugs every recognized in Android and Home windows variations of the software program, one listing traversal, and one case of compelled Wi-Fi connection.
The problems have been addressed in Fast Share model 1.0.1724.0 and later. Google is collectively monitoring the failings below the beneath two CVE identifiers –
- CVE-2024-38271 (CVSS rating: 5.9) – A vulnerability that forces a sufferer to remain linked to a short lived Wi-Fi connection created for sharing
- CVE-2024-38272 (CVSS rating: 7.1) – A vulnerability that enables an attacker to bypass the settle for file dialog on Home windows
Fast Share, previously Close by Share, is a peer-to-peer file-sharing utility that enables customers to switch pictures, movies, paperwork, audio recordsdata or complete folders between Android gadgets, Chromebooks, and Home windows desktops and laptops in shut proximity. Each gadgets have to be inside 5 m (16 ft) of one another with Bluetooth and Wi-Fi enabled.
In a nutshell, the recognized shortcomings might be used to remotely write recordsdata into gadgets with out approval, power the Home windows app to crash, redirect its visitors to a Wi-Fi entry level below an attacker’s management, and traverse paths to the consumer’s folder.
However extra importantly, the researchers discovered that the power to power the goal gadget into connecting to a distinct Wi-Fi community and create recordsdata within the Downloads folder might be mixed to provoke a series of steps that finally result in distant code execution.
The findings, first introduced at DEF CON 32 at the moment, are a fruits of a deeper evaluation of the Protobuf-based proprietary protocol and the logic that undergirds the system. They’re vital not least as a result of they spotlight how seemingly innocent recognized points may open the door to a profitable compromise and will pose severe dangers when mixed with different flaws.
“This analysis reveals the security challenges launched by the complexity of a data-transfer utility making an attempt to help so many communication protocols and gadgets,” SafeBreach Labs stated in an announcement. “It additionally underscores the crucial security dangers that may be created by chaining seemingly low-risk, recognized, or unfixed vulnerabilities collectively.”
