The Cyber Security News


Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

January 23, 2023

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.

The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and reported to the South Korean chaebol in November and December 2022. Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8, shipped earlier this month.

Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung. It was launched in September 2009.

The first of the two vulnerabilities is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store.

Samsung described it as a case of improper access control that it said has been patched with proper permissions to prevent unauthorized access.

It is worth noting here that the shortcoming only impacts Samsung devices that are running Android 12 and earlier, and does not affect those that are on the latest version (Android 13).

The second vulnerability, CVE-2023-21434, relates to an instance of improper input validation occurring when limiting the list of domains that could be launched as a WebView from within the app, effectively enabling a threat actor to bypass the filter and browse to a domain under their control.

“Either tapping a malicious hyperlink in Google Chrome or a pre-installed rogue software on a Samsung gadget can bypass Samsung’s URL filter and launch a webview to an attacker-controlled area,” NCC Group researcher Ken Gannon said.

The update comes as Samsung rolled out security updates for the month of January 2023 to remediate several flaws, some of which could be exploited to modify carrier network parameters, control BLE advertising without permission, and achieve arbitrary code execution.

Some parts of this article are sourced from:
thehackernews.com
