    Attention Galaxy users, upgrade Galaxy Store to latest version right now!

    Last updated: January 23rd, 2023 at 10:39 UTC+01:00

    If you own a Galaxy smartphone, note that vulnerabilities in the Galaxy Store app let attackers install any app on a Galaxy phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, the cybersecurity firm, between November 23 and December 3, 2022, and the first flaw was assigned the Common Vulnerabilities and Exposures number CVE-2023-21433.

    A CVE number helps researchers keep track of a flaw or vulnerability, and Google cites these CVE numbers in the changelog when it has patched the flaws in the monthly Android updates. There is a second flaw, which has been assigned CVE-2023-21434, and it allows attackers to execute JavaScript on a Galaxy handset.

    According to the research report, the flaws can easily allow bad actors to access personal data and could also result in the app crashing. Because of these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user's Samsung phone without their knowledge, which poses a huge security risk.

    Samsung has already released an updated version that fixes two vulnerabilities

    NCC shared that an ADB (Android Debug Bridge) command can instruct the Galaxy Store to install the “Pokemon Go” app by submitting an intent to the app store with the desired target application. The intent also gives information on whether the app was opened or not after the installation, giving attackers more choices in attacking users. Researchers also found that the webviews in the Galaxy Store contain a filter that isn't properly configured.

    Tapping a malicious link in Google Chrome, or a pre-installed rogue application on a Samsung device, can bypass the URL filter and launch a webview that is controlled by the attacker.

    Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to its latest version. However, if you have a Galaxy device running Android 13, then CVE-2023-21433 cannot be exploited on your device, thanks to the security features of the OS. Samsung released a new version, 4.5.49.8, on the very first day and announced that it had patched two vulnerabilities in the Galaxy Store. So, if you haven't updated the Galaxy Store app on your Galaxy phone running Android 13, we suggest you do that right away.
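To check a device against the fix described above, the following added example (not from the article or from NCC Group) compares the installed Galaxy Store version with 4.5.49.8 and applies the article's Android 13 note. The package name `com.sec.android.app.samsungapps`, the status strings and the sample `dumpsys` output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a device against the fix version.
FIXED_VERSION="4.5.49.8"                     # patched Galaxy Store build named in the article
STORE_PKG="com.sec.android.app.samsungapps"  # assumed Galaxy Store package name

# version_lt A B: true when dotted numeric version A is older than B.
version_lt() {
    [ "$1" != "$2" ] || return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$oldest" = "$1" ]
}

# store_version: read `dumpsys package` output on stdin, print first versionName.
store_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9.]*\).*/\1/p' | head -n1
}

# assess STORE_VERSION ANDROID_RELEASE: print the status of both CVEs.
assess() {
    release=${2%%.*}
    if [ -z "$1" ]; then
        echo "unknown: Galaxy Store version not found"
    elif ! version_lt "$1" "$FIXED_VERSION"; then
        echo "CVE-2023-21433:patched CVE-2023-21434:patched"
    elif [ "${release:-0}" -ge 13 ]; then
        # Article: Android 13 stops CVE-2023-21433; assumed to hold for later releases.
        echo "CVE-2023-21433:blocked-by-os CVE-2023-21434:unpatched"
    else
        echo "CVE-2023-21433:unpatched CVE-2023-21434:unpatched"
    fi
}

# Constructed sample of `dumpsys package` output (the version values are made up).
SAMPLE_DUMPSYS='Packages:
  Package [com.sec.android.app.samsungapps] (1a2b3c4):
    versionCode=454808110 minSdk=23 targetSdk=31
    versionName=4.5.48.3
    firstInstallTime=2022-01-01 00:00:00'

# On a live device the two inputs would come from:
#   adb shell dumpsys package "$STORE_PKG" | store_version
#   adb shell getprop ro.build.version.release
sample_version=$(printf '%s\n' "$SAMPLE_DUMPSYS" | store_version)
echo "sample device (Android 12): $(assess "$sample_version" 12)"
```
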
