Lenovo issued patches to fix four issues found on some ThinkPad and IdeaPad devices using the SHAREit app, including allowing remote system access and unauthorized access of transferred files.
The issues with SHAREit, which were identified by Core Security, include having a static password on the computers that cannot be changed by the user and would allow anyone accessing this password to join a protected, ad hoc hot Wi-Fi hotspot created by the app. Core Security found a similar problem with the Android version of SHAREit where no password was needed to join the hotspot.
Other vulnerabilities allowed traffic between SHAREit users to be intercepted and altered, an attacker within Wi-Fi range could connect into the LAN to view files and the final flaw could cause a denial of service attack crashing SHAREit.
SHAREit version 3.2.0 and above for Windows, and Android version 3.5.38 and above fix the problems.
