Exploits released for two Samsung Galaxy App Store vulnerabilities

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,750
6
81,460
8,389
54
The Netherlands
Content source
https://www.bleepingcomputer.com/news/security/exploits-released-for-two-samsung-galaxy-app-store-vulnerabilities/
Two vulnerabilities in the Galaxy App Store, Samsung’s official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user’s knowledge or to direct victims to a malicious web location.

The issues were discovered by researchers from the NCC Group between November 23 and December 3, 2022.

The Korean smartphone maker announced on January 1, 2023 that it fixed the two flaws and released a new version for Galaxy App Store (4.5.49.8).

Today, the NCC Group published technical details for the two security issues, along with proof-of-concept (PoC) exploit code for each of them.

It should be noted that both attacks require local access, an easy feat for motivated hackers and malware distributors targeting mobile devices.
Click to expand...
www.bleepingcomputer.com

Exploits released for two Samsung Galaxy App Store vulnerabilities

Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Thanks
  • Like
Reactions: Stopspying, harlan4096, vtqhtr413 and 3 others
The installation and automatic launch of apps from the Galaxy Store without the user’s knowledge may also lead to data or privacy breaches, especially if the attacker uploads a malicious app on the Galaxy Store beforehand.

It is important to note that CVE-2023-21433 is not exploitable on Samsung devices running Android 13, even if they use an older and vulnerable version of the Galaxy Store. This is owed to additional security protections on the latest version of Google’s mobile OS.

Unfortunately, all Samsung devices that are no longer supported by the vendor and which remain stuck to an older Galaxy Store version are vulnerable to the two vulnerabilities discovered by the NCC Group researchers.
Click to expand...
Same source as OP.
 
  • +Reputation
  • Like
Reactions: Stopspying, harlan4096, Gandalf_The_Grey and 2 others
You must log in or register to reply here.

You may also like...