Getty Images/iStockphoto
An Android application downloaded more than one billion times contains unpatched vulnerabilities that the app maker has failed to fix for more than three months.
special feature
Securing Your Mobile Enterprise
Mobile devices continue their march toward becoming powerful productivity machines. But they are also major security risks if they aren't managed properly. We look at the latest wisdom and best practices for securing the mobile workforce.
The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users to share files with friends or between personal devices.
The bugs can be exploited to run malicious code on smartphones where the SHAREit app is installed, Echo Duan, a mobile threats analyst for security firm Trend Micro, said in a report on Monday.
The root cause of the security flaws is the lack of proper restrictions on who can tap into the application's code.
Duan said that malicious apps installed on a user's device, or attackers who perform a person-in-the-middle network attack, can send malicious commands to the SHAREit app and hijack its legitimate features to run custom code, overwrite the app's local files, or install third-party apps without the user's knowledge.
Furthermore, the app is also vulnerable to so-called
Support the originator by clicking the read the rest link below.
