The Galaxy App Store, the official cellular app retailer accessible on Samsung gadgets, has two vulnerabilities, which, if exploited, may permit risk actors to put in a malicious utility with out the consumer ever realizing it is taken place.
The subject solely impacts gadgets with Android 12 and decrease, in keeping with an evaluation from NCC Group.
The first vulnerability, tracked as CVE-2023-21433, lets attackers set up functions from the Galaxy App Store. The second, tracked as CVE-2023-21434, may let attackers launch a Web area they management and execute JavaScript, the NCC Group report on the bugs defined.
“Samsung has launched an up to date model of the Galaxy App Store (model 4.5.49.8),” NCC Group’s Ken Gannon stated. “Users ought to open the Galaxy App Store on their cellphone, and, if prompted, obtain and set up the most recent model.”