These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store

Samsung has patched two vulnerabilities in its mobile app marketplace that could have allowed threat actors to install any app on a target...

Samsung has patched two vulnerabilities in its mobile app marketplace that could have allowed threat actors to install any app on a target mobile device without the device owner’s knowledge or consent.

Cybersecurity researchers from the NCC Group discovered the vulnerabilities in late December 2022 and tipped Samsung off, with the company issuing a patch (version 4.5.49.8) on January 1 2023.

Now, almost a month after the flaw was addressed, the researchers published technical details and a proof-of-concept (PoC) exploit code.

Installing malicious apps

The first flaw is tracked as CVE-2023-21433, an improper access control flaw that can be used to install apps on the target endpoint. The second flaw, tracked as CVE-2023-21434, is described as an improper input validation vulnerability, which can be used to execute malicious JavaScript on the targeted device. 

While local access is required in the exploiting of both vulnerabilities, for skilled criminals that’s a non-issue, it was said. The researchers demonstrated the flaws by having the app install Pokemon Go, a globally popular geolocation game based on the world of Pokemon. 

While Pokemon Go is a benign app, the flaws could have been used for more sinister goals, the researchers confirmed. In fact, threat actors could have used them to access sensitive information or crash mobile apps. 

It also needs to be mentioned that Samsung devices running Android 13 are not vulnerable to the flaw, even if their device still carries an older, vulnerable version of the Galaxy Store. 

This is due to additional security measures introduced in the latest version of the popular mobile OS. 

However, according to figures from AppBrain, just 7% of all Android devices are sporting the latest version, while unsupported versions of Android (9.0 Pie and older) make up roughly 27% of the entire Android market share. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/wIV8B4c
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store
These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/01/these-security-flaws-could-let-hackers.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/01/these-security-flaws-could-let-hackers.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy