Attention Samsung phone users, upgrade the Galaxy Store to the latest version now!

Last update: January 23, 2023 at 10:39 UTC + 01:00

If you own a Galaxy smartphone, there are vulnerabilities in your device Galaxy store The app that allows attackers to install any app on your Galaxy Phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, a cybersecurity firm, between November 23 and December 3, 2022, and the flaw was assigned a number of common vulnerabilities and exposures. CVE-2023-21433.

The CVE number helps researchers track vulnerabilities or vulnerabilities, and Google cites these CVE numbers in the changelog if it has fixed bugs in the month to month. android updates. There is a second drawback set CVE-2023-21434attackers are allowed Executing JavaScript on a Galaxy phone.

according to for the research report, the attacker can easily allow bad actors to access personal data, which can also lead to application crashes. Because of these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user’s Samsung phone without their knowledge, and that poses a huge security risk.

Samsung has already released an updated version that fixes two bugs

NCC shared that ADB (Android Debug Bridge) directs an app to install the “Pokemon Go” app by sending an intent to the app store with the desired target app. The intent also provides information about whether the app was opened or not after installation, giving attackers more options in attacking users. Researchers found that the Galaxy Store’s web offerings contained a filter that was not configured properly.

Clicking the malicious link on Google Chrome or via a rogue app pre-installed on a Samsung device can bypass the URL filter and launch an attacker-controlled webview.

See also  Valve is upgrading its Steam Deck ahead of release, but we still don't know how much it costs

Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to the latest version. However, if you have a running Galaxy device Android 13and then CVE-2023-21433 Your device cannot be exploited, thanks to the security features of the operating system. Samsung has released a New version On the first day it was announced that it had fixed two holes in the Galaxy Store. So, if you haven’t updated the Galaxy Store app on your Galaxy phone running Android 13, we suggest that you do so immediately.

Leave a Reply

Your email address will not be published. Required fields are marked *