Two new vulnerabilities have been found in Galaxy App Store applications that allow local attackers to install arbitrary applications or launch specific web pages to execute JavaScript.
The findings are from cybersecurity experts. NCC Grouppublished a recommendation about them last Friday.
“We have discovered that the Galaxy App Store has exported activities that do not handle incoming intents in a secure manner,” writes NCC Group researcher Ken Gannon. Risk by Samsung.
“This allows other applications installed on the same Samsung device to automatically install applications available in the Galaxy App Store without the user’s knowledge.”
For the second vulnerability (which tracks CVE-2023-21434 and was marked as medium risk by Samsung), Gannon notes that the webview within the Galaxy App Store has a filter that restricts the domains that the webview can access. I found it included.
“However, a misconfigured filter allowed the WebView to browse domains controlled by the attacker,” the security expert explained. Recommendation.
In other words, tapping a malicious hyperlink in Google Chrome or tapping a malicious application pre-installed on a Samsung device bypasses Samsung’s URL filters and launches a web view to an attacker-specified domain. There is a possibility.
Both issues are reported to only affect Samsung devices running Android 12 and below. patch applied It was disclosed by Samsung in version 4.5.49.8 of the Galaxy App Store on January 1st, a few weeks after NCC Group disclosed the vulnerability on December 3rd.
“Users should open the Galaxy App Store on their phone and download and install the latest version when prompted,” Gannon concluded.
The patch comes nearly a year after cybercriminals infiltrated Samsung Electronics’ network. stole the source code. Most recently, the company disclosed that an unspecified number of customers in the United States had access to personal information. by unauthorized users July 2022.
