A Pair Of Galaxy App Store Bugs Give Cyber ​​Attackers Mobile Device Access


The Galaxy App Store, the official mobile app store available for Samsung devices, has two vulnerabilities. Exploiting this vulnerability could allow an attacker to install a malicious application without the user’s knowledge.

According to NCC Group’s analysis, this issue only affects devices with Android 12 or lower.

The first vulnerability, tracked as CVE-2023-21433, allows attackers to install applications from the Galaxy App Store. The second, tracked as CVE-2023-21434, could allow an attacker to run a web domain they control and run JavaScript, the NCC Group report described the bug.

“Samsung has released an updated version of the Galaxy App Store (version 4.5.49.8),” said Ken Gannon of NCC Group. “Users open the Galaxy App Store on their phone, download and install the latest version when prompted. must do,” he said.

Get the latest cybersecurity threats, newly discovered vulnerabilities, data breach information and emerging trends. Delivered daily or weekly to your email inbox.

subscribe

Leave a Comment