January 23, 2023Rabbi Lakshmananmobile hacking / app security

Two security flaws have been discovered in Samsung’s Galaxy Store app for Android. A local attacker could exploit this vulnerability to covertly install arbitrary apps or direct the victim to a malicious landing page on her web.

The issue is tracked as CVE-2023-21433 and CVE-2023-21434it was discovered South Korean conglomerate notified in November and December 2022 by NCC Group.Samsung Classified Bug as medium risk and released fix for version which shipped earlier this month.

The Samsung Galaxy Store, formerly known as Samsung Apps and Galaxy Apps, is an app store exclusively for Android devices manufactured by Samsung. Released in September 2009.

The first of the two vulnerabilities, CVE-2023-21433, could allow a malicious Android app already installed on Samsung devices to install arbitrary applications available in the Galaxy Store.

Samsung explained that it was a case of improper access controls, which it said was patched with proper permissions to prevent unauthorized access.

Note that this drawback only affects Samsung devices running Android 12 and lower, not devices with the latest version (Android 13).

The second vulnerability, CVE-2023-21434, is related to an instance of improper input validation when limiting the list of domains that can be launched as domains. WebView From within your app, an attacker can effectively bypass filters and browse domains under your control.

“Tapping a malicious hyperlink in Google Chrome or tapping a malicious application pre-installed on a Samsung device can bypass Samsung’s URL filters and launch a web view to an attacker-controlled domain. said NCC Group researcher Ken Gannon.

This update replaces Samsung’s January 2023 Security Updates. fix some flawsSome of them can be used to modify carrier network parameters, control unauthorized BLE advertising, and execute arbitrary code.

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog