Last update: January 23, 2023 at 10:39 UTC + 01:00
If you own a Galaxy smartphone, there are vulnerabilities in your device Galaxy store The app that allows attackers to install any app on your Galaxy Phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, a cybersecurity firm, between November 23 and December 3, 2022, and the flaw was assigned a number of common vulnerabilities and exposures. CVE-2023-21433.
The CVE number helps researchers track vulnerabilities or vulnerabilities, and Google cites these CVE numbers in the changelog if it has fixed bugs in the monthly journal android updates. There is a second drawback set CVE-2023-21434attackers are allowed Executing JavaScript on a Galaxy phone.
according to for the research report, the attacker can easily allow bad actors to access personal data, which can also lead to application crashes. Due to these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user’s Samsung phone without their knowledge, and this poses a huge security risk.
Samsung has already released an updated version that fixes security holes
NCC shared that ADB (Android Debug Bridge) instructs an app to install the “Pokemon Go” app by sending an intent to the app store with the desired target app. The intent also provides information about whether the app was opened or not after installation, giving attackers more options in attacking users. Researchers found that the Galaxy Store’s web offerings contained a filter that was not configured properly.
Clicking the malicious link on Google Chrome or via a rogue app pre-installed on a Samsung device can bypass the URL filter and launch an attacker-controlled webview.
Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to the latest version. However, if you have a running Galaxy device Android 13and then CVE-2023-21433 Your device cannot be exploited, thanks to the security features of the operating system. Samsung has released a New version 4.5.49.8 On the first day it was announced that it had fixed two holes in the Galaxy Store. So, if you haven’t updated the Galaxy Store app on your Galaxy phone running Android 13, we suggest that you do so immediately.
