Beware of Malicious Apps on Samsung Galaxy Store – Update Your App Now!

CVE: CVE-2023-42580
CVSS (cvssV3_1): 7.5
Source: CVE-2023-42580

The Samsung Galaxy Store, which is used to download apps on Samsung Galaxy devices, had a vulnerability that could allow hackers to install malicious apps on users’ phones without their consent.

The vulnerability, tracked as CVE-2023-42580, was an issue with how the Galaxy Store app validated URLs. Hackers could craft deep links that the app would not properly verify, allowing them to execute JavaScript code and potentially install arbitrary APK files from external sources.

This puts users at risk as the installed app would have the same permissions and access as if installed through the official Galaxy Store interface. It could then steal private user data like contacts, photos or bank details. It may also display unwanted ads or subscribe the user to premium services without their knowledge.

The good news is that Samsung has released Galaxy Store version 4.5.64.4, which fixes this vulnerability. All Samsung Galaxy users are strongly advised to update their Galaxy Store app to the latest version from the Google Play Store as soon as possible to protect themselves from any potential attacks. You should also be cautious about apps you install from unknown third-party sources outside of official stores like Galaxy Store and Google Play.
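
For developers who handle deep links in their own apps, the following added example (not Samsung's code and not part of the original article) contrasts a substring check with a parsed, exact-match allowlist check for the kind of URL validation discussed above. The host `apps.store.example`, the function names and the sample URLs are constructed for illustration; the article does not describe how Galaxy Store's own check failed.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; not taken from Galaxy Store.
ALLOWED_HOSTS = frozenset({"apps.store.example"})

# Constructed sample deep-link targets (only the first should be accepted).
SAMPLES = [
    "https://apps.store.example/detail?id=com.example.app",
    "https://apps.store.example.attacker.example/page",   # lookalike suffix
    "https://attacker.example/?next=apps.store.example",  # name only in query
    "https://apps.store.example@attacker.example/",       # name as userinfo
    "javascript:alert(1)//apps.store.example",            # script scheme
    "http://apps.store.example/",                         # cleartext scheme
]


def naive_is_trusted(url: str) -> bool:
    """Weak check: looks for the trusted name anywhere in the raw string."""
    return "apps.store.example" in url


def strict_is_trusted(url: str) -> bool:
    """Parse the URL, then require exact scheme, host and port matches."""
    # Whitespace, control characters and backslashes are parsed differently
    # by different URL libraries, so refuse them outright.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return parts.hostname in ALLOWED_HOSTS


def audit(urls):
    """Return (url, naive_result, strict_result) for each candidate URL."""
    return [(u, naive_is_trusted(u), strict_is_trusted(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, strict in audit(SAMPLES):
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The substring check accepts all six constructed URLs, while the parsed check accepts only the first.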
