Samsung Galaxy Store Vulnerabilities Patched

January 23, 2023

Cybersecurity firm NCC Group has identified two vulnerabilities in Samsung's Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. The first vulnerability, tracked as CVE-2023-21433, could allow rogue applications on a device to download and install additional software from the Galaxy Store without the user's knowledge. The second vulnerability, CVE-2023-21434, is described as an improper input validation issue that could allow a local attacker to execute JavaScript code by launching a web page. NCC Group reported the vulnerabilities to Samsung in November and December 2022 and has published proof-of-concept (PoC) code for both. Both issues were addressed in Galaxy Store version 4.5.49.8. Owners of Samsung devices running Android 12 or below are advised to update to the latest version of Galaxy Store as soon as possible.
