Google Released Second Fix for Quick Share Flaws After Patch Bypass


Quick Share was initially developed for Android only, but was later released on Windows and Chrome as well, allowing users to share files with compatible devices nearby over Bluetooth, Wi-Fi, NFC, and other protocols. In August last year, SafeBreach shared details on 10 flaws in Quick Share for Windows that could allow attackers to write files to a target device without a user’s approval, cause crashes, redirect traffic, and perform other malicious actions. Collectively tracked as CVE-2024-38271 (CVSS score of 5.9) and CVE-2024-38272 (CVSS score of 7.1), the issues were quickly patched by Google to prevent man-in-the-middle (MiTM) attacks that could eventually lead to remote code execution (RCE). More importantly, SafeBreach discovered that the patch for the unauthorized file write, which had Quick Share delete the ‘unknown file’ used in the exploit once the transfer session was over, did not resolve the issue.
