Samsung phones have serious vulnerabilities in galaxy store

Samsung has released an important update to the Galaxy Store, the app store present on all its phones. It fixes critical security holes that allowed third-party applications to remotely control the smartphone and extract information from it.

a cve 2023 21433 cve 2023 21434 — Credits: *NCC Group*

The vulnerability was reported by Researchers at ncc group and is identified by code CVE-2023-21433 in Common Vulnerabilities and Exposures.

However, this is not the only security hole in the Galaxy Store, as another identified by code CVE-2023-21434 and allows attackers to execute JavaScript codes on the mobile phone.

b cve 2023 21433 cve 2023 21434 — Credits: *NCC Group*

With a JavaScript command the hacker can perform various tasks such as leaking information present on the device, in addition to taking advantage of the first security breach to install applications on the smartphone, which can even result in the hijacking of accounts and blocking the device.

The good news is that the vulnerability that allows the installation of apps on the phone is not present on devices with Android 13, which brings native protection against it, but we recommend that you update the Galaxy Store, because the second security hole can only be fixed in this way.

To install the latest version of the Galaxy Store open the store app, tap > Settings > About the Galaxy Store.