Google has recently addressed a security vulnerability in its Quick Share utility for Windows, which could have allowed attackers to send files to a user’s device without their consent. This flaw, identified as CVE-2024-10668 with a CVSS score of 5.9, was discovered by cybersecurity researchers at SafeBreach Labs.
Background on Quick Share
Quick Share, formerly known as Nearby Share, is Google’s peer-to-peer file-sharing tool designed to facilitate the transfer of files, photos, videos, and other documents between devices in close proximity. It functions similarly to Apple’s AirDrop and supports various platforms, including Android devices, Chromebooks, and Windows desktops and laptops.
Initial Discovery and Patching
In August 2024, SafeBreach Labs identified a series of ten vulnerabilities within Quick Share, collectively referred to as QuickShell. These vulnerabilities, cataloged under CVE-2024-38271 and CVE-2024-38272, had CVSS scores of 5.9 and 7.1, respectively. If exploited in sequence, they could have enabled remote code execution on Windows systems.
Following responsible disclosure, Google released patches to address these issues. However, subsequent analysis revealed that two of the vulnerabilities were not fully mitigated, leaving the application susceptible to crashes and unauthorized file transfers.
Details of the Unresolved Vulnerabilities
The first issue pertained to a denial-of-service (DoS) vulnerability. By using a file name that begins with an invalid UTF-8 continuation byte, such as \xc5\xff, an attacker could crash the Quick Share application. This method differed from the previously identified exploit, which utilized a file name starting with a NULL terminator (\x00).
The second issue involved unauthorized file transfers. Initially, Google’s fix marked transferred files as unknown and deleted them after the transfer session concluded. However, researchers found that by sending two different files within the same session using the same payload ID, only one file would be deleted, leaving the other intact in the Downloads folder.
Implications and Recommendations
These findings underscore the importance of thorough vulnerability remediation. Even after initial patches, residual issues can persist, potentially exposing users to security risks. SafeBreach researcher Or Yair emphasized the need for vendors to address the root causes of vulnerabilities, stating, Even when code is complex, vendors should always address the real root cause of vulnerabilities that they fix.
Users are advised to update their Quick Share application to version 1.0.2002.2 or later to ensure these vulnerabilities are patched. Regular software updates and vigilance against potential security threats remain crucial in maintaining device security.
