Several unpatched vulnerabilities were discovered in the ShareIT Android application by Trend Micro, an app with over one billion downloads that is used for sharing files between users and their devices.
The vulnerability is believed to have been unpatched for three months, which allows an attacker to achieve remote code execution (RCE) on the victim’s device. The cause of which is improper access control to the application’s resources.
The impact:
A remote attacker can execute malicious commands on the device or install malware without the device owner’s knowledge. The vulnerability only affects the Android Application, iOS instances run on a separate and distinct codebase.
The remediation:
Update the ShareIT Android App immediately if you have not done so already.
Source: Zdnet