May 29, 2023

Researchers have disclosed vulnerabilities in Samsung’s Galaxy Store app for Android that could be exploited by an attacker to install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.

The issues were tracked as CVE-2023-21433 and CVE-2023-21434. Samsung classified the bugs as moderate risk.

Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung.

Advertisements

The first bug is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store. Articulated as improper access control by Samsung that it said has been patched with proper permissions to prevent unauthorized access. It affects Android version 12 and before.

The second vulnerability, CVE-2023-21434, is an instance of improper input validation occurring when limiting the list of domains that could be launched as a WebView from within the app, effectively enabling a threat actor to bypass the filter and browse to a domain under their control.

Researchers from the NCC group identified these vulnerabilities and informed Samsung during November 2022, and an update released fixes in version 4.5.49.8 shipped earlier this month as a part of January 2023 fixes

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: