Google's Quick Share peer-to-peer file-sharing tool has been impacted by 10 now-addressed security vulnerabilities, which could have been leveraged to facilitate unauthorized wireless file writing and remote code execution in Windows systems, The Register reports.
Included in the identified security bugs were issues that could have enabled file creation in the targeted device's Downloads folder and user folder, a forced 30-second connection between the targeted device and a different Wi-Fi network, various means of crashing Quick Share, and an infinite Quick Share loop involving the persistent opening of Downloads folder file, according to a study by SafeBreach researchers presented at this year's DEF CON security conference. Researchers noted that chaining the aforementioned vulnerabilities eventually allowed RCE. However, such an attack is no longer possible after Google issued fixes for a pair of remote unauthorized file write flaws, a remote forced Wi-Fi connection bug, and six remote denial-of-service issues.
