Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month.
Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung.
The first of the two vulnerabilities is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store.
This shortcoming only affects Samsung devices running Android 12 and earlier; devices on the latest version are not affected.
"Either tapping a malicious hyperlink in Google Chrome or a pre-installed rogue application on a Samsung device can bypass Samsung's URL filter and launch a webview to an attacker-controlled domain," NCC Group researcher Ken Gannon said.
The update comes as Samsung rolled out security updates for the month of January 2023 to remediate several flaws, some of which could be exploited to modify carrier network parameters, control BLE advertising without permission, and achieve arbitrary code execution.
News URL
https://thehackernews.com/2023/01/samsung-galaxy-store-app-found.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-09 | CVE-2023-21433 | Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8. Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | 7.8 |