All Samsung Galaxy owners need to have the latest version of the Galaxy Store on their phones


Researchers at cybersecurity firm NCC Group have discovered a vulnerability in the Galaxy Store, an app storefront available only to those with Samsung Galaxy handsets. The vulnerability was discovered between November 23rd and December 3rd, 2022 and could allow an attacker to install arbitrary apps from the Galaxy App Store onto Galaxy phones without the user’s knowledge.
This flaw has been assigned Common Vulnerabilities and Exposures number CVE-2023-21433. Giving each vulnerability a CVE number helps researchers track them, and Google cites these numbers when revealing patched flaws in its monthly Android updates. The second vulnerability is CVE-2023-21434, which allows an attacker to execute JavaScript on a Galaxy handset.

Exploiting the vulnerability could put a Galaxy user’s personal information at risk

The report notes that an attack that exploits the vulnerability could allow malicious individuals to access personal data or crash the app, depending on the intent of the attacker. If an attacker uploads a malicious app to the Galaxy Store before exploiting the flaw, they could install that app on the Galaxy smartphone without the owner’s knowledge, which can lead to serious security issues.

The attack starts in one of two ways: a user taps a malicious hyperlink displayed in the Google Chrome browser on a Samsung Galaxy phone, or a malicious app pre-installed on a Galaxy handset gets past Samsung’s URL filter to launch a web view that loads an attacker-controlled domain.

According to the report from NCC Group, “We have discovered that the Galaxy Store has exported activities that do not handle incoming intents in a secure manner. This could lead to other applications installed on the same Samsung device automatically installing applications available in the Galaxy Store without the user’s knowledge.” The report also states, “A rogue application pre-installed on Samsung devices running Android 12 and below may exploit this issue to install an application currently available in the Galaxy Store.”
CVE-2023-21433 cannot be exploited on Samsung phones running Android 13 thanks to security features that are part of the latest builds of Google’s mobile operating system. Additionally, on the first day of 2023, Samsung announced that it had patched the two vulnerabilities and released version 4.5.49.8 of the Galaxy Store.


Make sure your Galaxy-branded phone is running the latest version of the Galaxy App Store, even if your device is running Android 13, whose security features neutralize CVE-2023-21433.

How to update Galaxy Store on Samsung phone

To update the Galaxy Store on your phone, open the Galaxy Store app and you will see a notification with a button called Update. Tap that button and follow the instructions. If you don’t see the notification, open the app and go to Menu > Configuration, tap About Galaxy Store, and press the refresh button. The update was released on January 1st, so you may have already installed it.

If you own an older Samsung Galaxy phone that is no longer supported by Samsung, you may be out of luck. Such a phone does not receive Galaxy Store updates, so the version of the app storefront it runs may still contain the flaws. In this case, we recommend purchasing a new phone or disabling the Galaxy Store on your phone. However, disabling it is also not a good solution, as updates for Samsung apps on your device come through the Galaxy Store.

If buying a new phone is out of the question, check your device to make sure you don’t have any apps installed that you didn’t download (other than apps Samsung pre-installed on your handset).
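The version check and the installed-app review described above can also be done from a computer over adb. The following is an added example, not code from NCC Group or Samsung; it assumes the Galaxy Store package id `com.sec.android.app.samsungapps` (not stated in the article) and uses constructed sample output so it runs without a device.

```python
import re

PATCHED = (4, 5, 49, 8)  # Galaxy Store 4.5.49.8, the fixed release named in the article
STORE_PKG = "com.sec.android.app.samsungapps"  # assumption: Galaxy Store package id

def store_version(dumpsys_text):
    """Parse `adb shell dumpsys package <STORE_PKG>` output into a version tuple.

    An updated system app is listed first; the factory copy appears later under
    "Hidden system packages", so only the first versionName is the active one.
    """
    m = re.search(r"^\s*versionName=(\d+(?:\.\d+)*)", dumpsys_text, re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_patched(dumpsys_text):
    """True only if a version was found and it is at least 4.5.49.8."""
    v = store_version(dumpsys_text)
    if v is None:
        return False  # unknown version is treated as not patched
    width = max(len(v), len(PATCHED))
    pad = lambda t: t + (0,) * (width - len(t))  # so 4.6 compares as 4.6.0.0
    return pad(v) >= pad(PATCHED)

def installed_by_store(pm_text):
    """From `adb shell pm list packages -3 -i` output, list the third-party
    packages whose recorded installer is the Galaxy Store."""
    hits = []
    for line in pm_text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m and m.group(2) == STORE_PKG:
            hits.append(m.group(1))
    return sorted(hits)

# Constructed sample output (not captured from a real device).
SAMPLE_DUMPSYS = """Packages:
  Package [com.sec.android.app.samsungapps] (1a2b3c4):
    versionName=4.5.48.3
Hidden system packages:
  Package [com.sec.android.app.samsungapps] (5d6e7f8):
    versionName=4.5.21.6
"""
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=com.sec.android.app.samsungapps
package:com.example.sideloaded  installer=null
"""

if __name__ == "__main__":
    print("patched:", is_patched(SAMPLE_DUMPSYS))
    print("installed via Galaxy Store:", installed_by_store(SAMPLE_PM))
```

The list includes apps you installed from the Galaxy Store yourself, so review it for names you do not recognise rather than treating every entry as suspicious.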

