Samsung Galaxy App Store users were at risk from security flaws discovered by researchers. An adversary could use the vulnerabilities to infect targeted devices with malware or perform other malicious activities. Samsung fixed the vulnerabilities before they could be exploited.
Samsung App Store App Vulnerabilities
A recent advisory by the NCC Group revealed that its team found two security problems in Samsung’s Galaxy App Store app.
The Galaxy App Store is Samsung’s app store. It gives users an alternative source for downloading applications. It is pre-installed on almost all supported Samsung devices, such as smartphones and Samsung Gear. This means that any problem with this app could potentially affect many people worldwide.
The advisory describes the first vulnerability as improper access control (CVE-2023-21433). It states:
The Galaxy App Store exported an activity that does not protect incoming intents.
An attacker who gets a malicious application installed on a target device could exploit this flaw to install additional apps from the Galaxy App Store.
The vulnerability was found in Galaxy App Store version 184.108.40.206. This vulnerability is not present on Android 13 devices.
The vulnerability was found in the Galaxy App Store Version 220.127.116.11 among others.
The researchers shared technical details and PoCs for both flaws in their advisory.
Samsung Patched The Flaws
These vulnerabilities were discovered by researchers in the latter part of 2022. They then disclosed them to Samsung. The tech company responded by developing fixes and releasing the patches in the Galaxy App Store version 18.104.22.168.
To avoid exploitation, users should update their devices to the most recent version of the app.