Tuesday, January 24, 2023
HomeCyber SecuritySamsung Galaxy Retailer App Discovered Weak to Sneaky App Installs and Fraud
Cyber Security

Samsung Galaxy Retailer App Discovered Weak to Sneaky App Installs and Fraud

Admin
By Admin
0
1


Jan 23, 2023Ravie LakshmananCell Hacking / App Safety

Two safety flaws have been disclosed in Samsung’s Galaxy Retailer app for Android that may very well be exploited by an area attacker to stealthily set up arbitrary apps or direct potential victims to fraudulent touchdown pages on the net.

The problems, tracked as CVE-2023-21433 and CVE-2023-21434, had been found by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung labeled the bugs as average threat and launched fixes in model 4.5.49.8 shipped earlier this month.

Samsung Galaxy Retailer, beforehand often known as Samsung Apps and Galaxy Apps, is a devoted app retailer used for Android units manufactured by Samsung. It was launched in September 2009.

The primary of the 2 vulnerabilities is CVE-2023-21433, which may allow an already put in rogue Android app on a Samsung gadget to put in any software accessible on the Galaxy Retailer.

Samsung described it as a case of improper entry management that it mentioned has been patched with correct permissions to forestall unauthorized entry.

It is price noting right here that the shortcoming solely impacts Samsung units which are operating Android 12 and earlier than, and doesn’t have an effect on these which are on the most recent model (Android 13).

The second vulnerability, CVE-2023-21434, pertains to an occasion of improper enter validation that happens when limiting the record of domains that may very well be launched as a WebView from inside the app, successfully enabling a menace actor to bypass the filter and browse to a website beneath their management.

“Both tapping a malicious hyperlink in Google Chrome or a pre-installed rogue software on a Samsung gadget can bypass Samsung’s URL filter and launch a webview to an attacker managed area,” NCC Group researcher Ken Gannon mentioned.

The replace comes as Samsung rolled out safety updates for the month of January 2023 to remediate a number of flaws, a few of which may very well be exploited to change provider community parameters, management BLE promoting with out permission, and obtain arbitrary code execution.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.





Supply hyperlink

Previous articleADU 01243: Does the SD card you employ actually matter?? What are presently the very best SD playing cards?
Next articleAzure Native Qumulo Scalable File Service gives seamless, safe knowledge storage | Azure Weblog and Updates
Admin
Adminhttps://www.elonmusk.casa
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Load more

Recent Comments

ABOUT US

elonmusk.casa is your Software Development, Mobile, Apple website. We provide you with the latest breaking news and videos straight from the technology industry.

POPULAR POSTS

POPULAR CATEGORY

copy right 2022 ©elonmusk.casa. All rights reserved.