All Samsung Galaxy owners must have the latest version of the Galaxy Store installed on their devices

News Summary:

  • Google cites those numbers when revealing bugs patched in his monthly Android updates. The second bug is his CVE-2023-21434, which allows an attacker to execute JavaScript on his Galaxy phone. The report notes that an attack that exploits the vulnerability could, depending on the attacker’s imagination, give the attacker access to personal data and even crash the app. If an attacker uploads a malicious app to the Galaxy store before exploiting the vulnerability, it could install the app on the Galaxy smartphone without the owner’s knowledge. And it can lead to serious security issues.

  • Researchers at cybersecurity firm NCC Group have discovered a vulnerability in the Galaxy Store, an app storefront available only to owners of Samsung Galaxy smartphones. The vulnerability was discovered between November 23rd and December 3rd, 2022 and could allow an attacker to install arbitrary apps from the Galaxy App Store onto Galaxy phones without the user’s knowledge. This bug has been assigned Common Vulnerabilities and Exposures number CVE-2023-21433. Assigning her CVE number to each vulnerability helps researchers track them.

A user may launch an attack by tapping a malicious hyperlink displayed in the Google Chrome browser (using a Samsung Galaxy phone). Alternatively, a rogue app pre-installed on a Galaxy phone could infiltrate Sammy’s URL filters and his reviews to start controlled domains. by an attacker. The NCC report states: This allows other apps installed on the same Samsung device to automatically install apps available in the Galaxy Store without the user’s knowledge. The report also states, “The Rouge app pre-installed on Samsung devices running Android 12.

Source

Below is subject to this exploit, please install the application currently available in the Galaxy Store.”