Samsung Android

Samsung Galaxy Store vulnerabilities left a hole for attackers to install apps and more

From 9to5google.com


You should update the Galaxy Store on your Samsung smartphone and/or tablet immediately, as a security hole leaves your device at potential risk.

Cybersecurity researchers at NCC Group this week revealed two major security vulnerabilities affecting the Galaxy Store app store that ships on Samsung’s Android smartphones and tablets. Both vulnerabilities have since been fixed, but you’ll need to update the store to apply the fixes.

The first issue, CVE-2023-21433, is caused by “improper access control” in the Galaxy Store and allows malicious parties to install apps on a user’s device without their knowledge. That app must be available through the Galaxy Store in the first place, though, and the issue only affects Android 12 and prior – Samsung Galaxy devices upgraded to Android 13 are immune to this particular issue.

It was found that the Galaxy App Store has an exported activity which does not handle incoming intents in a safe manner. This allows other applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge.

The impact of this particular issue is relatively minor due to the fact that it can only install apps from a relatively safe app store, but it is important to fix nonetheless.

The other issue that NCC Group found, CVE-2023-21434, also had potential to cause issues. The Galaxy Store’s webview filter was not properly configured and allows for malicious domains to be accessed as long as they had similar elements to an approved URL. The main worry here came from JavaScript attacks, which could have been loaded.

Both of these security issues were fixed in Galaxy Store version 4.5.49.8 which is available now.

More on Samsung:


Check out 9to5Google on YouTube for more news:

The post Samsung Galaxy Store vulnerabilities left a hole for attackers to install apps and more first appeared on 9to5google.com

New reasons to get excited everyday.



Get the latest tech news delivered right in your mailbox

Samsung Galaxy Store vulnerabilities left a hole for attackers to install apps and more

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.
Samsung Galaxy Store vulnerabilities left a hole for attackers to install apps and more

NordLayer — more than a business VPN

Cybersecurity threats have become vast and more sophisticated. The rate of malware attacks and malicious activity counts within seconds despite the size or sector the organization belongs to — no one is safe enough to expect that foe actors will bypass vital company resources.

Samsung Galaxy Store vulnerabilities left a hole for attackers to install apps and moreSamsung Galaxy Store vulnerabilities left a hole for attackers to install apps and more

You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
×
* Popular *
0
Would love your thoughts, please comment.x
()
x