Update The Galaxy Store App To Prevent Your Phone From Being Hacked

Researchers at the cyber security company NCC Group have identified vulnerabilities in the Galaxy Store application on Samsung Galaxy phones and asked users to update it to fix the problem.

These vulnerabilities, detected between November 23 and December 3, 2022, allowed an attacker to install any app from the Galaxy Store without the user’s knowledge.

This flaw has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2023-21433. Giving each vulnerability a CVE number allows researchers to track it, and Google refers to these numbers when fixing them in monthly Android updates.

The second flaw, CVE-2023-21434, allowed attackers to execute JavaScript on a Galaxy phone.

Depending on the attacker’s intent, an attack exploiting the vulnerabilities could allow them to access a user’s data and cause applications to crash, according to the report.

If an attacker uploads a malicious app to the Galaxy Store before exploiting the flaws, they can install it on a Galaxy smartphone without the owner’s knowledge, leading to serious security issues.

The attack starts when the user taps a malicious hyperlink displayed in the Google Chrome browser on a Samsung Galaxy phone, or installs a malicious application on the phone. This allows attackers to bypass Samsung’s URL filter and point a webview at a domain they control.

According to NCC: “Galaxy Store involves an information export activity with no secure management of inputs.” This lack of security allows other apps installed on the same Samsung device to automatically install any additional apps available in the Galaxy Store without the user’s knowledge.

The report also says that a malicious pre-installed app on a Samsung device running Android 12 or lower could exploit this issue to install any app available in the Galaxy Store.

The CVE-2023-21433 flaw cannot be exploited on Samsung phones running Android 13 due to the structure of the security features of Google’s latest mobile operating system. Furthermore, on the first day of 2023, Samsung announced a fix for these two vulnerabilities and released Galaxy Store version 4.5.49.8.

Ensure you’re running the latest version of the Galaxy Store on your Galaxy phone, even with Android 13. This verification is necessary due to the possibility of other issues related to the older Galaxy Store build.
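For anyone checking several phones from a workstation, the version check can be scripted over adb. This is an added example, not part of the original article or of NCC Group's report; the package name `com.sec.android.app.samsungapps`, the adb commands and the verdict labels are assumptions not given in the article, and the sample output is constructed.

```sh
#!/bin/sh
# Added example, not from the article: flag Galaxy Store builds older than the fix.
FIXED_VERSION="4.5.49.8"                     # fixed build named in the article
STORE_PKG="com.sec.android.app.samsungapps"  # Galaxy Store package (assumption)

# Extract versionName from `dumpsys package` output on stdin. The first match is
# the active package; later ones can be the hidden factory-installed copy.
store_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 is lower than $2, compared field by field.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print a verdict for Galaxy Store version $1 on Android release $2.
assess() {
    major=${2%%.*}
    case $1 in ''|*[!0-9.]*) echo "UNKNOWN"; return 0 ;; esac
    case $major in ''|*[!0-9]*) echo "UNKNOWN"; return 0 ;; esac
    if ! version_lt "$1" "$FIXED_VERSION"; then echo "OK"
    elif [ "$major" -ge 13 ]; then echo "UPDATE"   # CVE-2023-21433 not exploitable here
    else echo "UPDATE-URGENT"                      # old build on Android 12 or lower
    fi
}

# Live check; needs adb and one connected, authorised device.
check_device() {
    ver=$(adb shell dumpsys package "$STORE_PKG" | store_version)
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    echo "Galaxy Store ${ver:-?} on Android ${rel:-?}: $(assess "$ver" "$rel")"
}

# Constructed sample output (not captured from a real device).
SAMPLE='Packages:
    versionName=4.5.40.5
Hidden system packages:
    versionName=4.5.21.6'
echo "sample: $(assess "$(printf '%s\n' "$SAMPLE" | store_version)" 12)"
```

Call `check_device` with a phone attached to audit a real device; the last line only exercises the parser on the constructed sample.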

How to update Galaxy Store on Samsung phone

To update the Galaxy Store on your phone, open the Galaxy Store app, tap the update notification, and follow the instructions. If you don’t see the notification, go to Menu > Settings after opening the app, then tap About Galaxy Store and Update. Because this update was released on January 1, you may already have it installed.

Owners of older Samsung Galaxy phones that no longer receive firmware updates may find that their Galaxy Store app is broken because it has not received the update. In this case, you can buy a new phone or delete the Galaxy Store. Uninstalling it is not a good solution, however, because Samsung apps on your device are updated through the Galaxy Store.

If you don’t want to buy a new phone, don’t install unwanted apps (other than Samsung’s pre-installed apps) on your device.