On November 23rd and December 3rd, 2022, experts from the NCC Group identified two vulnerabilities in the Galaxy App Store application. These vulnerabilities could potentially allow malicious sources to install apps without a user’s consent or redirect users to harmful websites. The issue was found to stem from an exported activity within the app store that does not securely handle incoming intents, allowing other apps on the same device to automatically install any app from the Galaxy App Store. However, Samsung released a new update for the Galaxy App Store that fixes the said issue.

Samsung Galaxy S10

The NCC Group’s analysts have provided a proof-of-concept demonstration, using an “ADB” (Android Debug Bridge) command to install the popular game “Pokemon Go” via an intent submitted to the app store. It appears that there may be a vulnerability in certain Samsung devices running Android 12 or below, which allows for the potential installation of rogue applications. However, it should be noted that this issue does not affect devices running Android 13. 

Additionally, it was discovered that a webview within the Galaxy App Store had a filter that was not properly configured, which could allow local attackers to execute JavaScript on a target device. As NCC explains, this could occur by clicking on a malicious hyperlink in Chrome, or through the use of a pre-installed rogue application on a Samsung device. The proof-of-concept for this vulnerability includes a malicious hyperlink that, when clicked, opens a website with harmful JavaScript and executes it on the target device.

As mentioned previously, Samsung has since issued a fix for the vulnerability. The company has rolled out an updated version of the Galaxy App Store (version 4.5.49.8). Users should download it at the earliest to avoid the risk of another security breach.

RELATED:

(Source, Via)

RELATED ARTICLESMORE FROM AUTHOR