A now-patched security flaw has been disclosed in the Galaxy Keep application for Samsung gadgets that could probably result in distant command execution on impacted phones.
The vulnerability, which impacts Galaxy Keep version 4.5.32.4, relates to a cross-site scripting (XSS) bug that happens when managing specified deep links. An unbiased security researcher has been credited with reporting the issue.
“Here, by not checking the deep website link securely, when a person accesses a connection from a internet site made up of the deeplink, the attacker can execute JS code in the webview context of the Galaxy Retail outlet application,” SSD Protected Disclosure claimed in an advisory posted past week.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
XSS attacks allow for an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or a further software.
The issue identified in the Galaxy Keep application has to do with how deep backlinks are configured for Samsung’s Promoting & Material Support (MCS), probably major to a situation the place arbitrary code injected into the MCS site could direct to its execution.
This could then be leveraged to down load and set up malware-laced applications on the Samsung unit when checking out the hyperlink.
“To be in a position to effectively exploit the victim’s server, it is required to have HTTPS and CORS bypass of chrome,” the scientists noted.
Uncovered this post exciting? Abide by THN on Facebook, Twitter and LinkedIn to study extra distinctive content we article.
Some elements of this post are sourced from:
thehackernews.com