Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Quick Share Flaws Expose Users

August 10, 2024
Reading Time: 2 mins read
in Alerts

Researchers at SafeBreach have identified vulnerabilities in Google’s Quick Share data transfer utility that could enable threat actors to execute man-in-the-middle (MiTM) attacks and send files to Windows devices without user consent. Quick Share is a peer-to-peer file sharing tool designed for Android, Chrome, and Windows, allowing users to transfer files to nearby devices via various communication protocols like Bluetooth and Wi-Fi. Originally launched as Nearby Share on Android and later rebranded after merging with Samsung’s Quick Share, the utility has faced scrutiny for its security flaws.

Upon analyzing Quick Share’s communication protocol, SafeBreach uncovered ten vulnerabilities, including serious issues that facilitate remote code execution (RCE) attacks on Windows systems. Among these defects are unauthorized file write bugs and flaws that could allow attackers to force Wi-Fi connections, conduct directory traversals, and execute remote denial-of-service (DoS) attacks. These vulnerabilities grant malicious actors the capability to remotely send files without approval, crash the Windows application, and redirect traffic to their own access points.

Two critical vulnerabilities, assigned CVEs CVE-2024-38271 and CVE-2024-38272, were highlighted by SafeBreach, with severity scores of 7.1 and 5.9, respectively. The researchers noted that Quick Share’s communication protocol was overly generic, enabling them to bypass the file acceptance dialog on Windows. By sending an introduction packet containing the file without waiting for user acceptance, attackers could successfully transmit files even when devices were configured to accept files only from known contacts.

SafeBreach’s research also revealed that Quick Share could upgrade connections and utilize Wi-Fi hotspots, which could be exploited to sniff traffic from devices. By exploiting the vulnerabilities, researchers could maintain persistent connections and execute MiTM attacks. The findings, presented at the DEF CON 32 conference, highlight the importance of addressing these vulnerabilities promptly to protect users from potential exploits in Quick Share and similar applications.

Reference:

  • SafeBreach Labs researchers discovered ten vulnerabilities in Google’s Quick Share
Tags: August 2024Cyber AlertsCyber Alerts 2024Cyber threatsGoogleGoogle Quick ShareMan-in-the-middle (MitM) attackSafeBreach
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial