Attention Galaxy users, upgrade Galaxy Store to latest version right now!


Last updated: January 23rd, 2023 at 10:39 UTC+01:00

If you own a Galaxy smartphone, be aware that vulnerabilities in the Galaxy Store app let attackers install any app on a Galaxy phone without your knowledge. The vulnerabilities were found by researchers at NCC Group, the cybersecurity firm, between November 23 and December 3, 2022, and the first flaw was assigned the Common Vulnerabilities and Exposures number CVE-2023-21433.

The CVE number helps researchers keep track of flaws and vulnerabilities, and Google cites these CVE numbers in the changelog when it has patched the flaws in the monthly Android updates. There is a second flaw, which has been assigned CVE-2023-21434, and it allows attackers to execute JavaScript on a Galaxy handset.

According to the research report, the flaws can easily allow bad actors to access personal data, and could also result in the app crashing. Because of these vulnerabilities in the Galaxy Store app, an attacker can install any app on the user's Samsung phone without their knowledge, which poses a huge security risk.

Samsung has already released an updated version that fixes two vulnerabilities

NCC shared that an ADB (Android Debug Bridge) command instructs the app store to install the “Pokemon Go” app by submitting an intent to it with the desired target application. The intent also gives information on whether the app was opened or not after the installation, giving attackers more choices in attacking users. Researchers also found that the webviews in the Galaxy Store contain a URL filter that isn't properly configured.

Tapping a malicious link in Google Chrome, or one delivered via a pre-installed rogue application on a Samsung device, can bypass the URL filter and launch a webview that is controlled by the attacker.

Unfortunately, not all Samsung devices can upgrade the Galaxy Store app to its latest version. However, if you have a Galaxy device running Android 13, then CVE-2023-21433 cannot be exploited on your device, thanks to the security features of the OS. Samsung released a new version, 4.5.49.8, on the very first day and announced that it had patched two vulnerabilities in the Galaxy Store. So, if you haven't updated the Galaxy Store app on your Galaxy phone running Android 13, we would suggest you do that right away.
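The update advice above can be turned into a per-device check. The following is an added example, not code from SamMobile, NCC Group or Samsung. It assumes the Galaxy Store package name `com.sec.android.app.samsungapps`, that any release below 4.5.49.8 is unpatched, and that Android 13 corresponds to SDK level 33; the `dumpsys` text is a constructed sample.

```python
import re

FIXED_VERSION = "4.5.49.8"   # patched Galaxy Store release named in the article
ANDROID_13_SDK = 33          # assumption: Android 13 reports SDK level 33

# Constructed sample of what
#   adb shell dumpsys package com.sec.android.app.samsungapps
# prints on a device; only the versionName line matters here.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.sec.android.app.samsungapps] (constructed sample):
    targetSdk=31
    versionName=4.5.9.0
"""


def parse_version(text):
    """Turn '4.5.49.8' into (4, 5, 49, 8) so parts compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_dumpsys(output):
    """Pull the dotted versionName out of dumpsys-style output, or None."""
    match = re.search(r"^\s*versionName=(\d+(?:\.\d+)*)", output, re.MULTILINE)
    return match.group(1) if match else None


def assess(store_version, sdk_level):
    """Return the CVEs a device should still be treated as exposed to.

    sdk_level is the integer from `adb shell getprop ro.build.version.sdk`.
    """
    if store_version is None:
        return ["unknown: Galaxy Store version not found"]
    if parse_version(store_version) >= parse_version(FIXED_VERSION):
        return []                      # patched build: both flaws fixed
    exposed = ["CVE-2023-21434"]       # JavaScript execution in the webview
    if sdk_level < ANDROID_13_SDK:     # article: Android 13 blocks CVE-2023-21433
        exposed.insert(0, "CVE-2023-21433")
    return exposed


if __name__ == "__main__":
    version = parse_dumpsys(SAMPLE_DUMPSYS)
    print(version, assess(version, 31))
```

Comparing the versions as plain strings would rank 4.5.9.0 above 4.5.49.8 and report an unpatched device as safe, which is why the parts are compared as integers.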
