If you own a Galaxy smartphone, there are vulnerabilities in the Galaxy Store app that let attackers install any app on a Galaxy phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, the cybersecurity firm, between November 23 and December 3, 2022, and the first flaw was assigned the Common Vulnerabilities and Exposures number CVE-2023-21433.
The CVE number helps researchers keep track of a flaw or set of vulnerabilities, and Google cites these CVE numbers in the changelog when it has patched the flaws in the monthly Android updates. There is also a second flaw, assigned CVE-2023-21434, which allows attackers to execute JavaScript on a Galaxy handset.
According to the research report, the flaws can let bad actors access user data and can also crash the app. Because of these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user's Samsung phone without their knowledge, which poses a huge security risk.
Samsung has already released an updated version that fixes the two vulnerabilities
NCC shared that an ADB (Android Debug Bridge) command instructs the Galaxy Store to install the Pokémon Go app by submitting an intent to the store naming the desired target application. The intent also reports whether the app was opened after installation, giving attackers more options when attacking users. The researchers also found that the webviews in the Galaxy Store contain a URL filter that isn't properly configured.
Tapping a malicious link in Google Chrome, or opening it via a pre-installed rogue application on a Samsung device, can bypass the URL filter and launch a webview that is controlled by the attacker.
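The article does not describe how the Galaxy Store's webview filter was misconfigured, only that a crafted link gets past it. The following added example (my own illustration, not NCC Group's proof of concept or Samsung's code) shows the general bug class: an allowlist that checks a trusted hostname as a substring of the URL, beside a hardened check that parses the URL and compares the scheme and host exactly. The hostnames and the four bypass URLs are constructed for the demonstration and are assumptions, not values from the advisory.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts a webview may load; not Samsung's real list.
TRUSTED_HOSTS = {"galaxystore.example", "img.galaxystore.example"}


def naive_filter(url: str) -> bool:
    """Weak check: accepts the URL if a trusted host appears anywhere in it.

    This is the pattern that lets attacker-controlled pages through, because
    the trusted string can be placed in a subdomain, query, or userinfo.
    """
    return any(host in url for host in TRUSTED_HOSTS)


def strict_filter(url: str) -> bool:
    """Hardened check: parse the URL, require https, match the host exactly."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # may raise ValueError on malformed IPv6 brackets
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    return host.lower() in TRUSTED_HOSTS


# Constructed bypass attempts; each embeds a trusted hostname somewhere
# other than the actual host component.
BYPASS_ATTEMPTS = [
    "https://galaxystore.example.attacker.example/payload",   # trusted host as subdomain prefix
    "https://attacker.example/?ref=galaxystore.example",       # trusted host in the query string
    "https://galaxystore.example@attacker.example/",           # trusted host in the userinfo part
    "javascript:alert(document.cookie)//galaxystore.example",  # javascript: scheme, runs script in the webview
]


def evaluate(urls):
    """Return (url, naive_verdict, strict_verdict) for each URL."""
    return [(u, naive_filter(u), strict_filter(u)) for u in urls]


if __name__ == "__main__":
    for url, naive_ok, strict_ok in evaluate(BYPASS_ATTEMPTS):
        print(f"{url}\n  naive allows: {naive_ok}  strict allows: {strict_ok}")
```

Every constructed bypass passes the substring check and fails the parsed check; a legitimate `https://galaxystore.example/...` link passes both. The `javascript:` case is the one that matters for a flaw like CVE-2023-21434, since a webview that navigates to such a URL executes attacker script in the app's context.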
Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to its latest version. However, if you have a Galaxy device running Android 13, CVE-2023-21433 cannot be exploited on your device, thanks to the security features of that OS version. Samsung released a new version, 4.5.49.8, on the first day of 2023 and announced that it had patched two vulnerabilities in the Galaxy Store. So, if you haven't updated the Galaxy Store app on your Galaxy phone, we would suggest you do that right away.