Samsung: Serious security vulnerabilities in smartphones – what users should do

Galaxy App Store
Serious vulnerabilities in Samsung smartphones – what users should do now

Attackers can cause great damage not only on the PC but also on the smartphone. In order to protect your device from malicious codes, you should therefore be careful. In fact, there are currently two vulnerabilities in Samsung’s Galaxy App Store, cybersecurity firm NCC Group recently reported. Attackers could install any application currently available from the Galaxy App Store. As a result, manipulated software that was smuggled into the Galaxy App Store could be spread unnoticed on the user’s smartphone. The vulnerability is named “CVE-2023-21433”.

The second vulnerability (“CVE-2023-21434”) affects a URL filter in the web view of the Galaxy App Store. This actually limits which domains can be surfed to. However, an incorrect configuration could also lead to malicious sites being accessed via a link, such as Google Chrome or a manipulated app. JavaScript could then be executed, allowing malicious code to be installed on the system. Only Samsung devices with the Android 12 operating system or lower are affected by the vulnerabilities.

Samsung releases update for Galaxy App Store

The experts from the “NCC Group” had already informed Samsung about the security gaps at the end of November, whereupon the electronics company classified them as a risk in mid-December and published an update (version 4.5.49.8) for the Galaxy App Store on January 1st. If you haven’t installed it yet, you should do so as soon as possible. Even if devices with Android 13 are not affected by the security gaps, users should update their Galaxy App Store to the latest version to prevent possible problems.

Sources: NCC Group

nk