Two vulnerabilities have just been discovered in the Samsung Galaxy Store. One of them, in particular, allows applications to be installed on your device without your knowledge.
If you own a Samsung smartphone or tablet, update the Galaxy Store app to fix two security holes that put your device at risk.
Two vulnerabilities in the Samsung Galaxy Store
Launched in 2009, the Samsung Galaxy Store, formerly known as “Samsung Apps” and “Galaxy Apps”, is an app store found only on devices manufactured by Samsung.
This week, cybersecurity researchers from NCC Group uncovered two vulnerabilities in the Galaxy Store. The first, caused by “incorrect access control”, allows a malicious application already installed on the device to download any other application from the Galaxy Store.
The second vulnerability concerns the Galaxy Store’s improperly configured web display filter, which allows access to malicious domains if they contain elements resembling an approved URL. This lets attackers run JavaScript code to launch attacks, as Ken Gannon, a researcher at NCC Group, explains:
“Clicking on a malicious hyperlink in Google Chrome or a malicious app preinstalled on a Samsung device can bypass Samsung’s URL filter and launch a web view to an attacker-controlled domain.”
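As an added illustration (not Samsung's code or NCC Group's), the JavaScript below contrasts a URL filter that only looks for approved text inside the URL with one that parses the URL and matches the exact host. The host names, the allowlist and the sample URLs are constructed, and the substring check is an assumed stand-in for the flaw, whose actual implementation the article does not describe.

```javascript
// Added example: constructed allowlist and URLs, not the Galaxy Store's filter.
const APPROVED_HOST = "store.example.com"; // hypothetical approved host
const ALLOWED_HOSTS = new Set([APPROVED_HOST]);

// Weak filter (assumed form of the flaw): approves any URL that merely
// contains text resembling the approved host, wherever it appears.
function weakFilter(rawUrl) {
  return rawUrl.includes(APPROVED_HOST);
}

// Stricter filter: parse first, then require https, no embedded
// credentials, and an exact match on the parsed host name.
function strictFilter(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is rejected
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  return ALLOWED_HOSTS.has(url.hostname);
}

// Constructed test inputs: one legitimate URL and several look-alikes.
const SAMPLES = [
  "https://store.example.com/app/123",                // legitimate
  "https://store.example.com.attacker.example/app",   // approved name as a subdomain label
  "https://attacker.example/?next=store.example.com", // approved name in the query string
  "https://store.example.com@attacker.example/",      // approved name in the userinfo part
  "http://store.example.com/app/123",                 // right host, cleartext scheme
  "javascript:alert('store.example.com')",            // non-web scheme
];

// Run both filters over the samples so the decisions can be compared.
function compare(samples) {
  return samples.map((u) => ({
    url: u,
    weak: weakFilter(u),
    strict: strictFilter(u),
  }));
}

for (const r of compare(SAMPLES)) {
  console.log(`weak=${r.weak} strict=${r.strict} ${r.url}`);
}
```

The weak filter accepts every sample, while the strict one accepts only the first, which is why a web view should be gated on the parsed scheme and host rather than on a text match.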
Samsung says it fixed this bug in Galaxy Store version 4.5.49.8, but you need to update the app on your device to get the fix. Also, users with Android 13 are not affected thanks to the security features of the operating system. Only people with a smartphone or tablet running Android 12 or older are affected.
This update comes after Samsung deployed a security patch in January 2023. That patch fixed several bugs, some of which could be exploited to change the network settings of the mobile operator or to display advertisements without the user’s consent.
Update your Android device
Updating your Android smartphone or tablet is very easy. It lets you enjoy the latest features and also protects you from threats like the ones mentioned above. Here we explain how to update Android easily.
Beyond the major Android updates, manufacturers offer security updates every month, every two months, or every quarter. Do not neglect them, since they sometimes fix significant flaws that expose your device to risk.
We also invite you to download and install the latest version of the Play Store, Google’s application store. It can automatically update the applications installed on your Android device.
Source: NCC Group