Exploits released for two Samsung Galaxy App Store vulnerabilities

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,262
Content source
https://www.bleepingcomputer.com/news/security/exploits-released-for-two-samsung-galaxy-app-store-vulnerabilities/
Two vulnerabilities in the Galaxy App Store, Samsung’s official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user’s knowledge or to direct victims to a malicious web location.

The issues were discovered by researchers from the NCC Group between November 23 and December 3, 2022.

The Korean smartphone maker announced on January 1, 2023 that it fixed the two flaws and released a new version for Galaxy App Store (4.5.49.8).

Today, the NCC Group published technical details for the two security issues, along with proof-of-concept (PoC) exploit code for each of them.

It should be noted that both attacks require local access, an easy feat for motivated hackers and malware distributors targeting mobile devices.
Click to expand...
www.bleepingcomputer.com

Exploits released for two Samsung Galaxy App Store vulnerabilities

Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Thanks
  • Like
Reactions: Stopspying, harlan4096, vtqhtr413 and 3 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
The installation and automatic launch of apps from the Galaxy Store without the user’s knowledge may also lead to data or privacy breaches, especially if the attacker uploads a malicious app on the Galaxy Store beforehand.

It is important to note that CVE-2023-21433 is not exploitable on Samsung devices running Android 13, even if they use an older and vulnerable version of the Galaxy Store. This is owed to additional security protections on the latest version of Google’s mobile OS.

Unfortunately, all Samsung devices that are no longer supported by the vendor and which remain stuck to an older Galaxy Store version are vulnerable to the two vulnerabilities discovered by the NCC Group researchers.
Click to expand...
Same source as OP.
 
  • +Reputation
  • Like
Reactions: Stopspying, harlan4096, Gandalf_The_Grey and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Trojanized Signal and Telegram apps on Google Play and Samsung Galaxy Store delivered spyware
Replies
7
Views
1,812
News Archive
cartaphilus
cartaphilus
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
Replies
1
Views
1,052
News Archive
TairikuOkami
TairikuOkami
enaph
    • Like
    • +Reputation
Privacy News WhatsApp Introduces Encrypted Cross-Device Contact Syncing
Replies
0
Views
1,040
Security News
enaph
enaph

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top