According to the reports, two security vulnerabilities have been found in Samsung's Galaxy Store app for Android. The flaws could allow an attacker to install any app from the Galaxy Store on a device without the user's consent and to redirect the user to a malicious website.
The vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group, which reported them to the South Korean conglomerate in November and December 2022. Samsung classified the bugs as moderate risk and released fixes in Galaxy Store version 4.5.49.8 on January 1, 2023.
Galaxy Store, formerly known as Samsung Apps and Galaxy Apps, is Samsung's app store for its Android devices. It launched in September 2009.
Forced installation of any app from the Galaxy Store
The first of the two vulnerabilities, CVE-2023-21433, allows a malicious Android app already installed on a Samsung device to install any application available on the Galaxy Store without the user's knowledge. Samsung described it as a case of improper access control and said it has been patched by enforcing proper permissions to block unauthorized access.
Note that this issue only affects Samsung devices running Android 12 and below; devices on Android 13 are not affected.
The second vulnerability, CVE-2023-21434, is an improper input validation flaw in the filter that restricts which domains a WebView inside the app is allowed to load. Because the WebView can be launched from within the app, a threat actor could bypass the filter and navigate the WebView to a domain of their choosing.
As NCC Group's researcher put it, "Samsung's URL filter can be bypassed by either tapping a malicious hyperlink or installing a rogue application on a Samsung device."
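The bypass class behind CVE-2023-21434 is a domain allowlist that validates the URL string loosely instead of validating the parsed host. The following is an added illustration, not Samsung's or NCC Group's code: the allowlist, host names and attacker URLs are constructed for this example, and the two weak filters stand in for patterns commonly found in WebView URL checks rather than for the specific bug in the Galaxy Store.

```python
"""Weak WebView URL allowlists versus a hardened host check (illustrative).

Added example: ALLOWED_HOSTS, the filters and ATTACKER_URLS are hypothetical
and constructed for demonstration; they are not taken from the Galaxy Store.
"""
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the WebView is permitted to load.
ALLOWED_HOSTS = ("store.example-vendor.com", "cdn.example-vendor.com")


def weak_substring_filter(url: str) -> bool:
    """Weak check 1: accept if an allowed host appears anywhere in the URL.

    Fails because the allowed host can sit in a query string, in the userinfo
    part (host@attacker), or as a prefix of a longer attacker-controlled host.
    """
    return any(host in url for host in ALLOWED_HOSTS)


# Weak check 2: a regex built from the host names without escaping the dots
# and without anchoring the end of the host. '.' therefore matches any
# character, and anything may follow the allowed host name.
_WEAK_RE = re.compile(r"^https://(" + "|".join(ALLOWED_HOSTS) + ")")


def weak_regex_filter(url: str) -> bool:
    return _WEAK_RE.match(url) is not None


def hardened_filter(url: str) -> bool:
    """Parse the URL, then compare the host component exactly.

    Only https is accepted, URLs carrying userinfo are rejected, and the host
    is taken from the parsed URL instead of being searched for as text.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return host in ALLOWED_HOSTS


# Constructed attacker URLs, each targeting a different weakness.
ATTACKER_URLS = (
    "https://attacker.example/?next=https://store.example-vendor.com",  # host in query
    "https://store.example-vendor.com.attacker.example/",               # unanchored suffix
    "https://store-example-vendor-com/",                                # unescaped dots
    "https://store.example-vendor.com@attacker.example/",               # userinfo trick
)

LEGITIMATE_URL = "https://store.example-vendor.com/app?id=1"


def bypasses(check) -> list:
    """Return the constructed attacker URLs that `check` wrongly accepts."""
    return [u for u in ATTACKER_URLS if check(u)]


if __name__ == "__main__":
    for name, check in (("substring", weak_substring_filter),
                        ("regex", weak_regex_filter),
                        ("hardened", hardened_filter)):
        print(f"{name:>9}: legit={check(LEGITIMATE_URL)} bypassed_by={bypasses(check)}")
```

The hardened check is the one a reviewer should expect to see in any in-app browser: decide on the parsed scheme and host, never on the raw string, and keep the allowlist an exact set rather than a pattern.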
In January 2023, Samsung also rolled out security updates to remediate several other vulnerabilities, including ones that could be exploited to modify carrier network parameters, control BLE advertising without permission, or execute arbitrary code.
Finding vulnerabilities like the Samsung flaws with ESOF AppSec
TAC Security's ESOF AppSec provides comprehensive testing of your applications across environments and helps you discover vulnerabilities present in your web and mobile assets.
ESOF AppSec can:
- Run scheduled, comprehensive scans of your entire mobile app source code, detecting security and privacy issues.
- Identify the most critical vulnerable assets and the vulnerabilities present in them.
- Provide the Cyber Risk Score, a feature unique to ESOF, which tracks your IT stack's security posture and saves you time.
- Execute Blue Box and Black Box tests with the ESOF scanners, eliminating false positives and delivering accurate results.
- Discover SANS Top 25 and OWASP Top 10 vulnerabilities.
- Run vulnerability assessments on your apps throughout the entire DevSecOps cycle so that flaws are removed before release.
- Predict vulnerabilities with TAC's new ESOF Prediction feature, which uses past trends, including already patched vulnerabilities, and counts the predicted vulnerabilities by severity level.
Security used to be an inconvenience sometimes, but now it’s a necessity all the time.
For more information, download the ESOF AppSec datasheet now!