Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Quick Share Flaws Expose Users

August 10, 2024
Reading Time: 2 mins read
in Alerts

Researchers at SafeBreach have identified vulnerabilities in Google’s Quick Share data transfer utility that could enable threat actors to execute man-in-the-middle (MiTM) attacks and send files to Windows devices without user consent. Quick Share is a peer-to-peer file sharing tool designed for Android, Chrome, and Windows, allowing users to transfer files to nearby devices via various communication protocols like Bluetooth and Wi-Fi. Originally launched as Nearby Share on Android and later rebranded after merging with Samsung’s Quick Share, the utility has faced scrutiny for its security flaws.

Upon analyzing Quick Share’s communication protocol, SafeBreach uncovered ten vulnerabilities, including serious issues that facilitate remote code execution (RCE) attacks on Windows systems. Among these defects are unauthorized file write bugs and flaws that could allow attackers to force Wi-Fi connections, conduct directory traversals, and execute remote denial-of-service (DoS) attacks. These vulnerabilities grant malicious actors the capability to remotely send files without approval, crash the Windows application, and redirect traffic to their own access points.

Two critical vulnerabilities, assigned CVEs CVE-2024-38271 and CVE-2024-38272, were highlighted by SafeBreach, with severity scores of 7.1 and 5.9, respectively. The researchers noted that Quick Share’s communication protocol was overly generic, enabling them to bypass the file acceptance dialog on Windows. By sending an introduction packet containing the file without waiting for user acceptance, attackers could successfully transmit files even when devices were configured to accept files only from known contacts.

SafeBreach’s research also revealed that Quick Share could upgrade connections and utilize Wi-Fi hotspots, which could be exploited to sniff traffic from devices. By exploiting the vulnerabilities, researchers could maintain persistent connections and execute MiTM attacks. The findings, presented at the DEF CON 32 conference, highlight the importance of addressing these vulnerabilities promptly to protect users from potential exploits in Quick Share and similar applications.

Reference:

  • SafeBreach Labs researchers discovered ten vulnerabilities in Google’s Quick Share
Tags: August 2024Cyber AlertsCyber Alerts 2024Cyber threatsGoogleGoogle Quick ShareMan-in-the-middle (MitM) attackSafeBreach
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial