The Galaxy App Store, the official mobile app store available on Samsung devices, has two vulnerabilities which, if exploited, may allow threat actors to install a malicious application without the user ever knowing it has taken place.
The issue only affects devices running Android 12 and lower, according to an analysis from NCC Group.
The first vulnerability, tracked as CVE-2023-21433, lets attackers install applications from the Galaxy App Store. The second, tracked as CVE-2023-21434, may let attackers launch a web domain they control and execute JavaScript, the NCC Group report on the bugs explained.
“Samsung has launched an updated version of the Galaxy App Store (version 4.5.49.8),” NCC Group’s Ken Gannon said. “Customers ought to open the Galaxy App Store on their cellphone, and, if prompted, download and install the most recent version.”