Tuesday, 08 July 2025

RCE vulnerabilities found in SHAREit Android app

The Android mobile application, downloaded more than a billion times, contains critical vulnerabilities that its developer has left unfixed for more than three months. The problems affect the Android version of SHAREit, a mobile application that allows users to share files with other devices.

Exploiting the vulnerabilities allows an attacker to run malicious code on smartphones that have the SHAREit application installed, said Trend Micro researcher Echo Duan. The problem stems from the lack of proper restrictions on who can use the application code.

According to the expert, malicious applications installed on the user's device, or attackers performing a MitM attack, can send malicious commands to the SHAREit application and use its legitimate functions to run custom code or install third-party applications without the user's knowledge.

In addition, the application is also vulnerable to the so-called Man-in-the-Disk attacks, which involve unsafe storage of confidential application resources in a shared phone storage location, where they can be deleted, edited, or replaced by hackers.

Source: securitylab.ru

17 February 2021
