The Samsung Galaxy Store app has proven to be vulnerable to sneaky app installs and scams

News Summary:

  • The Samsung Galaxy Store, formerly known as Samsung Apps and Galaxy Apps, is an app store exclusively for Android devices manufactured by Samsung, released in September 2009. The first of the two vulnerabilities, CVE-2023-21433, could allow a malicious Android app pre-installed on Samsung devices to install arbitrary applications available in the Galaxy Store. Samsung describes it as a case of improper access control, with appropriate permissions applied to prevent unauthorized access. Note that this flaw only affects Samsung devices running Android 12.

  • Two vulnerabilities have been discovered in Samsung’s Galaxy Store app for Android. They could be exploited by a local attacker to covertly install arbitrary apps or redirect potential victims to a fake Internet landing page. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and reported to the South Korean chaebol in November and December 2022. Samsung classified the bug as medium risk and released a fix in version, which shipped earlier this month.

CVE-2023-21433 does not affect devices running the latest version (Android 13). The second vulnerability, CVE-2023-21434, relates to an instance of improper input validation when restricting the list of domains that can be launched as a WebView from within an app, effectively allowing an attacker to bypass filters and browse domains under their control. “Tapping a malicious hyperlink in Google Chrome or tapping a malicious application pre-installed on a Samsung device can bypass Samsung’s URL filters and launch a web view to an attacker-controlled domain,” said NCC Group researcher Ken Gannon.

The update came as Samsung rolled out a security update in January 2023 to fix some bugs. Some of the bugs can be exploited to modify carrier network parameters, control BLE advertising without permission, and execute arbitrary code.