Samsung phone users, upgrade the Galaxy Store to the latest version right now!

Last updated: Jan 23, 2023 10:39 UTC+01:00

There is a vulnerability in the Galaxy Store app that could allow an attacker to install apps on your Galaxy phone without your knowledge if you own a Galaxy smartphone. The vulnerability was discovered between November 23 and December 3, 2022 by researchers from cybersecurity firm NCC Group, and the flaw has been assigned a Common Vulnerabilities and Exposures number. CVE-2023-21433.

CVE numbers help researchers track down flaws or vulnerabilities, and Google quotes these CVE numbers in its change log when it patches flaws in monthly Android updates. There is a second defect assigned. CVE-2023-21434An attacker could: Running JavaScript on Galaxy handsets.

According to research reports, attackers can easily allow malicious actors access to private data, which can even lead to app crashes. This vulnerability in the Galaxy Store app allows attackers to unknowingly install any app on a user’s Samsung phone, which poses a huge security risk.

Samsung has already released an updated version that fixes two vulnerabilities.

NCC shared that the Android Debug Bridge (ADB) instructs the app to install the “Pokemon Go” app by submitting an intent to the App Store with the desired target application. Intents also provide information about whether the app was opened after installation, giving attackers more choice when attacking users. Researchers found that the Galaxy Store’s webview contained a poorly configured filter.

Tapping a malicious link in Google Chrome or a malicious application pre-installed on Samsung devices can bypass URL filters and launch attacker-controlled webviews.

Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to the latest version. However, if you have a Galaxy device running Android 13 CVE-2023-21433 The security features of the OS make it impossible to misuse the device. Samsung is New version It said that it has patched two vulnerabilities in the Galaxy Store. So, if you haven’t updated the Galaxy Store app on Android 13 running your Galaxy phone, we recommend that you do so now.

Leave a Comment