Researchers at cybersecurity firm NCC Group have discovered a vulnerability in the Galaxy Store, an app storefront available only to owners of Samsung Galaxy smartphones. The vulnerability was discovered between November 23rd and December 3rd, 2022, and could allow an attacker to install arbitrary apps from the Galaxy Store onto Galaxy phones without the user’s knowledge. This bug has been assigned Common Vulnerabilities and Exposures number CVE-2023-21433. Assigning a CVE number to each vulnerability helps researchers track them.
An attack may be triggered when a user taps a malicious hyperlink displayed in the Google Chrome browser on a Samsung Galaxy phone. Alternatively, a rogue app pre-installed on a Galaxy phone could get past Sammy’s URL filter and launch a webview to a domain controlled by an attacker. The NCC report states: “This allows other apps installed on the same Samsung device to automatically install apps available in the Galaxy Store without the user’s knowledge.” The report also states, “The rogue app pre-installed on Samsung devices running Android 12 and below is subject to this exploit, please install the application currently available in the Galaxy Store.”