SHAREit for PC Download Rate Now Software Review SHAREit for PC Version 4.0.5.171 When you write and submit a review, we'll thank you for being here.
SHAREit Vulnerability for Windows and Android
Lenovo Security Advisory: LEN-4058
Potential impact: Denial of service attacks that can remotely browse file systems, gain unauthorized access to files on Windows and Android, and crash Windows SHAREit clients
Importance: High Overview:
A vulnerability has been identified in the Windows and Android versions of the SHAREit application that could allow an attacker to remotely browse a file system and gain unauthorized access to files.
Contents:
SHAREit for Windows and Android is preloaded on some Think, IdeaPad or Lenovo notebook computers, Lenovo mobile devices, or downloaded to non-Lenovo Windows or Android devices, allowing users to share specific files and folders across smartphones, tablets, and personal computers. An application that allows you to.
To do this, SHAREit creates an ad hoc Wi-Fi hotspot on the sender's system or allows SHAREit users to connect over the local LAN. The sender selects the file or folder to send and sends it to the specific SHAREit user. The user can then download the specified file. A vulnerability has been identified in Windows versions of SHAREit that allows an attacker to participate in an ad hoc Wi-Fi hotspot that SHAREit creates and protects by entering a fixed password that the user cannot change. A similar vulnerability has been identified for SHAREit Android versions that do not require a password to connect to an ad hoc Wi-Fi hotspot. The second vulnerability, found in the Windows and Android versions, allows an attacker to actively block traffic between two users sending a file, allowing the attacker to copy or change the content being transferred. Windows SHAREit 3.2.0 and later versions and Android SHAREit 3.5.38_ww and later versions address the first vulnerability by configuring users' unique passwords when users share files with each other to prevent unauthorized users from connecting to SHAREit hotspots. Includes a new “secure mode” option that solves this mode, which also encrypts file transfers using AES-256 (using a unique password as a pre-shared key) for LAN transfers between PCs and The transport also addresses the second vulnerability through hotspot WPA connections. The third and fourth vulnerabilities were only found in SHAREit for Windows. The third vulnerability could allow remote attackers to remotely view file names within the physical Wi-Fi range or on the same local LAN as file names accessible by users running SHAREit, subject to normal Windows file access restrictions. It is. The fourth vulnerability results in a denial of service attack that crashes the Windows SHAREit client. The vulnerability would not allow an attacker to download or access a file that could be viewed. These vulnerabilities are addressed in 3.4.0.1023 for Windows and later versions of SHAREit all modes. Update 4/4/11: A new vulnerability has been identified in versions below SHAREit 3.5.78 for Android. The vulnerability could allow a malicious attacker to download arbitrary files to a user's device if the full file path was known. To resolve this issue, update SHAREit for Android to the latest version. A new vulnerability has also been identified in versions prior to SHAREit 3.4.0.1023 for Windows. This vulnerability could allow an attacker to upload unauthorized files to a SHAREit user. To resolve this issue, update SHAREit for Windows to the latest version. Mitigation Strategies for Your Customers (Protect Yourself):
Use either of the following two methods to resolve all the vulnerabilities exposed.
1. Follow the instructions below to update the software to the latest version (3.4.0.1023 and higher for Windows, 3.5.78_ww and higher for Android).
2. Use the secure mode following the instructions below.
There are three ways to update to the latest version of Windows:
1.Update via SHAREit App
When you open SHAREit on your PC, you will be prompted to automatically update SHAREit to the latest version.
2. Update via Lenovo System Update utility or Lenovo OneKey Optimizer utility
In Lenovo System Update, click “Get new updates” and follow the prompts to update your system to the latest version of SHAREit.
Click "Update" in Lenovo OneKey Optimizer and follow the prompts to update your system to the latest version of SHAREit.
3. Update via direct download
Check the SHAREit version installed on your system and click the download link on the following website. Click the “Free Download” link at the top, click “Download for Windows”, and open the executable file: http://shareit.lenovo.com
No comments:
Post a Comment