Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access - Dark Reading

The Galaxy App Store, the authoritative mobile app store available connected Samsung devices, has 2 vulnerabilities, which, if exploited, could let menace actors to instal a malicious exertion without the idiosyncratic ever knowing it's taken place.

The contented lone affects devices with Android 12 and lower, according to an investigation from NCC Group.

The archetypal vulnerability, tracked arsenic CVE-2023-21433, lets attackers instal applications from the Galaxy App Store. The second, tracked arsenic CVE-2023-21434, could fto attackers motorboat a Web domain they power and execute JavaScript, the NCC Group study connected the bugs explained.

"Samsung has released an updated mentation of the Galaxy App Store (version 4.5.49.8)," NCC Group's Ken Gannon said. "Users should unfastened the Galaxy App Store connected their phone, and, if prompted, download and instal the latest version."