This is a news story, published by The Register, that relates primarily to Quick Share news.
For more software applications news, you can click here:
more software applications newsFor more news from The Register, you can click here:
more news from The RegisterOtherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about
Quick Share holes SafeBeach. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest malicious code news, SafeBreach security research team lead news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!
other vulnerabilitiesThe Register
•68% Informative
Google 's Quick Share is a peer-to-peer file-sharing tool that lets people send and receive files between nearby devices.
Ten now-fixed bugs in Quick Share for Windows could have been exploited to wirelessly write new files onto victims' PCs without their approval.
Researchers demonstrated the remote code execution ( RCE ) attack at DEF CON today .
Google has fixed all of the flaws, and SafeBreach confirmed the RCE chain is no longer possible to pull off.
SafeBreach 's team was able to use Quick Share to force a target device to connect to a Wi-Fi network of their choosing for about 30 seconds .
During that time, an attacker could try to man-in-the-middle the victim's wireless traffic, though nearly everything is encrypted in transit at the application layer at least these days .
The researchers also found a path traversal attack that — ironically — was possible to Quick Share's code responsible for removing paths traversal strings.
The attacker tricks the victim's Quick Share into overwriting the executable being fetched and saved by the browser to the user's downloads folder.
The attacker then replaces the legitimateexe with a malicious one by force-sending a file with the exact same name.
SafeBreach says it worked closely with the Chrome maker to resolve the vulnerabilities.
VR Score
52
Informative language
42
Neutral language
37
Article tone
semi-formal
Language
English
Language complexity
51
Offensive language
not offensive
Hate speech
not hateful
Attention-grabbing headline
not detected
Known propaganda techniques
not detected
Time-value
medium-lived
External references
13
Source diversity
9
Affiliate links
no affiliate links