(TOMORROW!) Be the first with a 200MP camera! Visit Samsung to reserve and gain $100 in Samsung credit!

SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Attention Galaxy users, upgrade Galaxy Store to latest version right now!

Phone
By 

Last updated: January 23rd, 2023 at 10:39 UTC+01:00

If you own a Galaxy smartphone, there are vulnerabilities in the Galaxy Store app that let attackers install any app on a Galaxy Phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, the cybersecurity firm, between November 23 and December 3, 2022, and the flaw was assigned the Common Vulnerabilities and Exposures number CVE-2023-21433.

The CVE number helps researchers keep a track of the flaw or vulnerabilities, and Google cites these CVE numbers in the changelog if it has patched the flaws in the monthly Android updates. There is a second flaw, which has been assigned CVE-2023-21434, and it allows attackers to execute JavaScript on a Galaxy handset.

According to the research report, the attacker can easily allow bad actors to access personal data, which could also result in the app crashing. Because of these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user’s Samsung phone without their knowledge, and it poses a huge security risk.

Samsung has already released an updated version that fixes two vulnerabilities

NCC shared that an ADB (Android Debug Bridge) instructs an app to install the “Pokemon Go” app by submitting an intent to the app store with the desired target application. The intent also gives information on whether the app was opened or not after the installation, giving attackers more choices in attacking the users. Researchers found that the webviews in the Galaxy Store contain a filter that isn’t properly configured.

Tapping the malicious link on Google Chrome or via a pre-installed rogue application on a Samsung device can bypass the URL filter and launch a webview that is controlled by the attacker.

Unfortunately, not all Samsung devices cannot upgrade the Galaxy Store app to its latest version. However, if you have a Galaxy device running Android 13, then CVE-2023-21433 cannot exploit your device, thanks to the security features of the OS. Samsung released a new version 4.5.49.8 on the very first day and announced that it had patched two vulnerabilities in the Galaxy Store. So, if you haven’t updated the Galaxy Store app on your Android 13 running Galaxy phone, we would suggest you do that right away.

PhoneTablet Android 13Galaxy Store
Load 1 comments

You might also like

Galaxy A52 5G’s unlocked model finally gets Android 13 update in the US

Two months ago, Samsung released the Android 13 update to the Galaxy A52 5G’s carrier-locked version in the US. The update was also released around the same time in Europe. The company is now releasing the Android 13 update to the Galaxy A52 5G’s unlocked variant in the US. The Android 13-based One UI 5.0 […]

  • By Asif Iqbal Shaik
  • 1 day ago

Samsung’s fantastic software update policy will soon welcome new members

Samsung remains the undisputed king of software updates in the world of Android smartphones. Samsung decided last year that it would provide four major OS upgrades to all flagships and its mainstream Galaxy A smartphones starting 2022, and it even extended the new long term update promise to devices launched in 2021. Some manufacturers are […]

  • By Abhijeet Mishra
  • 6 days ago

US Galaxy Z Fold 2 users with carrier-locked model can now install Android 13 update

Samsung released the Android 13 update to the Galaxy Z Fold 2’s international version two months ago. Last month, the update reached the US unlocked version of the Galaxy Z Fold 2. Today, the South Korean firm has released the Android 13 update to the carrier-locked version of the smartphone. The Android 13-based One UI […]

  • By Asif Iqbal Shaik
  • 6 days ago

Galaxy S21 FE gets Android 13 in the US two months after other markets

Two months ago, Samsung released the Android 13 update to the Galaxy S21 FE for the first time. However, back then, the update was limited to the international version of the smartphone. Today, the update is finally rolling out to the US carrier-unlocked version of the smartphone. The Android 13-based One UI 5.0 update for […]

  • By Asif Iqbal Shaik
  • 6 days ago

Unlocked Galaxy A51 gets the last Android update in the USA

The Galaxy A51 is getting its last big Android OS upgrade in the USA. Specifically, Android 13 is now live for the unlocked Galaxy A51 in the United States, and with the new firmware comes One UI 5.0 and the December 2022 security patch. The Galaxy A51 shipped in 2019 with Android 10 onboard. The […]

  • By Mihai Matei
  • 7 days ago

Galaxy S20 FE US fans finally get what they’ve been waiting for

The factory-unlocked Galaxy S20 FE 5G is finally getting the Android 13 update in the USA. Carrier models got the update at the end of last year, and the unlocked variant is now following suit. Android 13 and One UI 5.0 are now available for the S20 FE 5G variant that carries the SM-G781U1 model […]

  • By Mihai Matei
  • 7 days ago