Advisory ID: NCC-CSIRT-2601-006
Summary: Ken Gannon, a cybersecurity researcher from NCC Group discovered new vulnerabilities in the Galaxy App Store application on Samsung devices that are running Android 12 and below. Successful exploit could allow local attackers to install malicious applications or execute JavaScript code by launching a specific web page. Furthermore, it allows the malicious applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge.
Vulnerable Platform(s): Samsung Android device
Threat Type:
- Vulnerability
Product : Galaxy App Store Android Application
Version: Version 4.5.44.1, and 4.5.48.3
Description: On Samsung's Android devices, the Galaxy App Store is pre-installed and can be used in addition to Google Play to download and install software. According to Ken Gannon, the Galaxy App Store has two vulnerabilities. The Improper access control vulnerability, which resulted from exported activity on the Galaxy App Store not handling incoming intents in a safe manner. This allows other applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge. The second vulnerability is the improper input validation, which came up because of a webview in the Galaxy App Store having a filter that restricted the URLs it could browse. However, the filter was not properly configured, which would allow the webview to browse to an attacker-controlled domain.
Consquences:
Bypass Samsung’s URL filter and launch a webview to a domain specified by an attacker.
Impact/Probability: CRITICAL/HIGH
Solution :
For Samsung devices running Android 12 or lower, follow the steps below to update to the latest Galaxy App Store (version 4.5.49.8):
- Open the Galaxy App Store, tap your profile picture, and then tap Manage apps & device.
- Tap Update
References:
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
https://www.securityweek.com/samsung-galaxy-store-flaws-can-lead-unwanted-app-installations-code-execution/
https://www.infosecurity-magazine.com/news/vulnerabilities-found-galaxy-app/
https://www.securityweek.com/samsung-galaxy-store-flaws-can-lead-unwanted-app-installations-code-execution/