Press "Enter" to skip to content

Samsung Galaxy users need to update Galaxy Store right away


Attention Samsung Galaxy users. You need to update the Galaxy Store on your phone to the latest version right away. Security researchers have discovered a couple of critical vulnerabilities in the app. Version 4.5.49.8 or newer of the app patches those vulnerabilities.

Security researchers report two major vulnerabilities in the Galaxy Store

Researchers at the cybersecurity firm NCC Group recently detailed two major vulnerabilities in the Galaxy Store. Identified by the Common Vulnerabilities and Exposures (CVE) number CVE-2023-21433, the first flaw allows local attackers to install apps from the store on your phone without your knowledge. A pre-installed rogue app can be used to exploit this vulnerability. Attackers can automatically install apps from the Galaxy Store without you noticing anything.

The other flaw was assigned the CVE number CVE-2023-21434. It was caused by an improperly configured webview within the Galaxy Store, allowing the webview to bypass restrictions and browse an attacker-controlled domain. Attackers could bypass Samsung’s URL filter by either having victims tap a malicious hyperlink in Google Chrome or through a pre-installed rogue app on their Galaxy device. They can then execute JavaScript by launching a web page.

NCC Group discovered these vulnerabilities in the Galaxy Store between November 23 and December 3 last year. The security firm found that versions 4.5.44.1 and 4.5.48.3 of the app were affected by the flaws, though other versions might also be affected. It immediately notified Samsung about both issues. The Korean firm also swung into action right away and confirmed the vulnerabilities within two weeks of receiving the reports.

Just came in:  Twitter blocks free access to its API, paid version coming soon

On January 1, 2023, the company released an update for the Galaxy Store to version 4.5.49.8. This update patched both vulnerabilities. If you are using an older version of the app on your Galaxy smartphone or tablet, you should update to the new release immediately. According to the researchers, security measures in Android 13 prevent the exploitation of the first issue (CVE-2023-21433). But Galaxy devices running Android 13 are still vulnerable to the other flaw. It’s advisable to install the latest update to address potentially other issues as well.

How to update the Galaxy Store on your Samsung device?

The Galaxy Store app should automatically prompt you to install the latest version when you open it. Simply follow the instructions to update the app. If you don’t see any prompt, you can also manually check for updates. Go to the Menu tab and tap on the Settings button. Now scroll down and tap on About Galaxy Store. If an update is available, you should be able to see it there. Make sure that you have version 4.5.49.8 or newer of the Galaxy Store installed.

The post Samsung Galaxy users need to update Galaxy Store right away appeared first on Android Headlines.

Source