
Samsung Galaxy Store security flaws may allow hackers to install apps and more, here’s how


The Galaxy Store is Samsung’s app store that comes pre-installed on the company’s devices. A new security flaw in the Galaxy Store is reportedly making Samsung’s devices vulnerable and is leaving users at potential risk. Samsung users have been advised to update the Galaxy Store on their Samsung smartphone or tablet immediately, to avoid any attack. According to a report by 9To5Google, cybersecurity researchers at NCC Group have revealed two significant security vulnerabilities affecting the Galaxy Store app store.
These security flaws are being shipped on Samsung’s Android smartphones and tablets. The South Korea-based tech giant has fixed both vulnerabilities, but users will need to update the store to apply these fixes. Samsung has already rolled out the Galaxy Store version 4.5.49.8 update to patch both of these security issues.
Samsung Galaxy Store security flaws: What are they?
The first vulnerability is named CVE-2023-21433 and it is caused by “improper access control” in the Galaxy Store. This flaw allows attackers to install apps on a user’s device without their permission. For hackers to install the app, it has to be available on the Galaxy Store in the first place. However, the issue only affects Samsung Galaxy devices running Android 12 and older.

Devices that have been upgraded to Android 13 are immune to this particular issue. The impact of this vulnerability is relatively minor as it can only install apps from the app store. However, this is not a safe practice and users should fix the issue immediately.
Another vulnerability is called CVE-2023-21434 and it also had the potential to cause trouble. This bug was an improperly configured webview filter in the Galaxy Store. It allowed users to access risky domains as long as they had similar elements to an approved URL. The primary concern with this flaw was the JavaScript attacks that could have been loaded.
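
The kind of filter weakness described above can be shown by comparing a URL check that looks for an approved string anywhere in the URL with one that parses the URL and compares the exact host. This is an added example, not Samsung's or NCC Group's code; the host `store.example.com`, the function names and the sample URLs are constructed for illustration, and the weak check is an assumption about how such a filter might look.

```javascript
// Added example. All hosts and URLs here are constructed placeholders.
const ALLOWED_HOSTS = new Set(["store.example.com"]);

// Weak check (assumed shape): passes any URL that merely contains
// the approved host string somewhere in it.
function weakFilter(rawUrl) {
  return rawUrl.includes("store.example.com");
}

// Strict check: parse first, then compare scheme and exact hostname.
function strictFilter(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is rejected
  }
  if (url.protocol !== "https:") return false;              // HTTPS only
  if (url.username !== "" || url.password !== "") return false; // no userinfo
  return ALLOWED_HOSTS.has(url.hostname);                   // exact match
}

// Constructed sample URLs: one legitimate, the rest only "similar".
const SAMPLES = [
  "https://store.example.com/app/123",
  "https://store.example.com.attacker.test/",
  "https://attacker.test/?ref=store.example.com",
  "https://store.example.com@attacker.test/",
  "http://store.example.com/",
  "https://STORE.EXAMPLE.COM/x",
];

// Run both filters over a list of URLs.
function compareFilters(urls) {
  return urls.map((u) => ({ url: u, weak: weakFilter(u), strict: strictFilter(u) }));
}

// URLs the weak filter lets through but the strict one rejects.
function weakOnly(urls) {
  return compareFilters(urls).filter((r) => r.weak && !r.strict).map((r) => r.url);
}

for (const r of compareFilters(SAMPLES)) {
  console.log(`${r.weak ? "pass" : "deny"} / ${r.strict ? "pass" : "deny"}  ${r.url}`);
}
```

The last sample shows the reverse failure: the string check rejects a legitimate URL that differs only in letter case, while the parsed hostname is normalized before comparison.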