Samsung has resolved two flaws in the Galaxy App Store, one of which allowed you to install applications secretly and execute malicious code


NCC Group cybersecurity experts discovered flaws in the Samsung Galaxy App Store and reported them to the manufacturer. On January 1, the company released an updated version of the client (4.5.49.8), and the researchers have now revealed the technical details.


The first vulnerability, identified as CVE-2023-21433, is an improper access control issue that allows arbitrary applications to be installed on the victim's device. The second vulnerability, identified as CVE-2023-21434, allows the execution of malicious JavaScript code on the target device.

Researchers demonstrated the issue by installing the Pokemon Go game without the device owner's knowledge, although attackers might choose something more dangerous in the future. According to AppBrain analytics, only 7% of Android devices run the latest version of the platform (Android 9.0 and older), and 27% of the market is unsupported.

The second issue is related to the Galaxy App Store's webview component, which is limited to a set of permitted domain names. The restriction was previously configured incorrectly, making it possible to bypass it and load pages controlled by attackers.
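
The article does not say how the webview's domain restriction was misconfigured. As an added example (not Samsung's or NCC Group's code), the Python sketch below contrasts one common weak pattern, substring matching, with a check that parses the URL and compares the exact host. The allowlist, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the page does not name the store's real domains.
ALLOWED_HOSTS = {"store.example.com", "apps.example.com"}


def loose_is_allowed(url: str) -> bool:
    """Assumed weak pattern: an allowed name appears anywhere in the URL."""
    return any(host in url for host in ALLOWED_HOSTS)


def strict_is_allowed(url: str) -> bool:
    """Parse the URL, then require https, no userinfo, and an exact host."""
    # Characters that URL parsers are known to treat inconsistently.
    if any(ch in url for ch in "\\ \t\r\n"):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


def filter_gaps(urls):
    """Return the URLs the loose check admits but the strict check rejects."""
    return [u for u in urls if loose_is_allowed(u) and not strict_is_allowed(u)]


# Constructed sample URLs (reserved .example names, not from the page).
SAMPLES = [
    "https://store.example.com/detail/app1",
    "https://untrusted.example/?next=store.example.com",
    "https://store.example.com.untrusted.example/",
    "https://store.example.com@untrusted.example/",
    "http://store.example.com/detail/app1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"loose={loose_is_allowed(url)!s:5} strict={strict_is_allowed(url)!s:5} {url}")
```

Running `filter_gaps` over a list of URLs observed in webview traffic or test cases highlights where a loosely written filter and a strict one disagree.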
