Samsung Galaxy Store vulnerable to hackers: install the update quickly

Two security vulnerabilities have just been found in the Samsung Galaxy Store. One of them notably allows applications to be installed on your device without your knowledge.

Whether you have a Samsung smartphone or tablet, update the Galaxy Store app to fix two security vulnerabilities that put your devices at risk.

Two security flaws in the Samsung Galaxy Store

Launched in 2009, the Samsung Galaxy Store, formerly known as “Samsung Apps” and “Galaxy Apps”, is an app store found only on devices manufactured by Samsung.

This week, cybersecurity researchers from NCC Group revealed two vulnerabilities in the Galaxy Store. The first, caused by “incorrect access control”, allows a malicious application already installed on the device to download any other application from the Samsung store.

The second vulnerability concerns the Galaxy Store's webview filter, which was not configured correctly and allows access to malicious domains as long as they contain elements similar to an approved URL. This lets hackers execute JavaScript code to launch attacks, as Ken Gannon, a researcher at NCC Group, explains:

“Clicking on a malicious hyperlink in Google Chrome or a malicious app pre-installed on a Samsung device can bypass Samsung’s URL filter and launch a webview to an attacker-controlled domain.”

Samsung says it fixed this flaw in Galaxy Store version 4.5.49.8, but you need to update the app on your device to get the fix. The flaw does not affect users running Android 13, thanks to the operating system’s security features. Only people with a smartphone or tablet running Android 12 or earlier are affected.

This update follows a security patch that Samsung deployed in January 2023. That patch fixed several flaws, some of which could be exploited to modify the mobile operator’s network settings or display advertising without the user’s consent.
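
To illustrate the class of filter weakness described above, here is an added example (not code from Samsung or NCC Group) that compares a filter accepting any URL that merely contains an approved host with one that parses the URL and requires an exact hostname match. The approved host, the sample URLs and the function names are constructed for illustration; the page does not give the actual filter logic, so the substring-style check is an assumption.

```javascript
// Hypothetical allowlist: a constructed placeholder, not Samsung's real configuration.
const APPROVED_HOSTS = new Set(["store.example.com"]);

// Weak filter (assumed shape of the flaw): accepts any URL whose text
// merely contains an approved host somewhere.
function weakFilter(rawUrl) {
  for (const host of APPROVED_HOSTS) {
    if (rawUrl.includes(host)) return true;
  }
  return false;
}

// Strict filter: parse the URL first, then require HTTPS, no embedded
// credentials, and an exact match on the parsed hostname.
function strictFilter(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is rejected outright
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  return APPROVED_HOSTS.has(url.hostname);
}

// Constructed sample URLs (untrusted.test is a reserved test domain).
const SAMPLES = [
  "https://store.example.com/apps/detail?id=1",      // the approved host itself
  "https://store.example.com.untrusted.test/page",   // approved name used as a subdomain label
  "https://untrusted.test/?next=store.example.com",  // approved name only in the query string
  "https://store.example.com@untrusted.test/",       // approved name in the userinfo part
  "http://store.example.com/apps",                   // approved host over cleartext HTTP
];

// Run both filters over the samples so the difference is visible side by side.
function compareFilters(urls = SAMPLES) {
  return urls.map((u) => ({ url: u, weak: weakFilter(u), strict: strictFilter(u) }));
}

console.table(compareFilters());
```

The weak filter accepts all five samples, while the strict filter accepts only the first.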

Update your Android device

Updating your Android smartphone or tablet is very simple. It lets you take advantage of the latest features and also protects you from certain threats, such as those mentioned above. We explain here how to update Android simply.

Beyond major Android updates, manufacturers offer security updates every month, every two months or every quarter. These should not be ignored, as they fix flaws, some of them significant, that expose your device to certain risks.

We also invite you to download and install the latest version of the Play Store, Google’s application store. It lets you automatically update the applications installed on your Android device.

Source: NCC Group