Samsung has released a Galaxy Store app update to fix vulnerabilities that could potentially allow malicious sources to install apps without a user’s permission. Two vulnerabilities were reportedly detected on the Galaxy Store by a research team. These vulnerabilities have only been affecting handsets running Android 12 or lower. Android 13 users are not affected by this. Users can open the Galaxy Store on their phones, and download and install the latest Galaxy Store app version 4.5.49.8.
According to a report by NCC research team, the Galaxy Store app, which comes pre-installed on Galaxy smartphones, has been detected with two security vulnerabilities CVE-2023-21433 and CVE-2023-21434. The vulnerabilities allow hackers to install malicious apps on vulnerable Samsung handsets without the owner’s permission as well as execute JavaScript by launching a Web page.
The report shares that a pre-installed rouge application or malicious hyperlink in Google Chrome on Galaxy phones running Android 12 bypass Samsung’s URL filter and install any application available on the Galaxy Store. Further, they even launch a webview controlled by the attacker. Notably, these vulnerabilities have only been affecting Galaxy phones running Android 12, while Android 13 supported phones are safe.
Hence, to fix these bugs, Samsung has rolled out an updated version of the Galaxy Store app (version 4.5.49.8). Users can head to the Galaxy Store settings on their phones, and download and install the latest version of the app. Samsung has rated the abovementioned vulnerabilities as Moderate risks.
The Galaxy Store was reported to distribute malicious apps asking for excessive permissions, including access to the phone, earlier as well. In December 2021, different Showbox movie piracy app clones available on Galaxy Store were spotted infecting devices with malware. Tipster Max Weinbach reported a similar type of issue that was previously discovered on Huawei phones. He shared that the Showbox-based app installations from the Galaxy store were stopped by Google’s Play Protect warning. At least five of the Showbox-based apps were infected with dangerous malware.