Cybersecurity firm NCC Group disclosed two vulnerabilities in Samsung’s Galaxy Store that could be exploited by launching a web page to install applications or execute JavaScript code.
The Galaxy Store, an alternative app store, is pre-installed on Samsung’s Android devices and works in conjunction with Google Play to download and install apps. The first vulnerabilities identified by NCC Group and tracked as CVE-2023-21433 could enable malicious applications to download and install additional software from the Galaxy Store on a device without the user’s knowledge.
According to the problem’s description, the app store contained an exported activity that was unable to handle incoming intents safely.
Read More: Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
