• These security flaws could let hackers install anything they want

    From TechnologyDaily@1337:1/100 to All on Mon Jan 23 19:15:03 2023
    These security flaws could let hackers install anything they wanted in the Samsung Galaxy App Store

    Date:
    Mon, 23 Jan 2023 19:06:01 +0000

    Description:
    Two flaws in the Galaxy App Store allowed hackers access to sensitive information.

    FULL STORY ======================================================================

    Samsung has patched two vulnerabilities in its mobile app marketplace that could have allowed threat actors to install any app on a target mobile device without the device owner's knowledge or consent.

    Cybersecurity researchers from the NCC Group discovered the vulnerabilities
    in late December 2022 and tipped Samsung off, with the company issuing a
    patch (version 4.5.49.8) on January 1 2023.

    Now, almost a month after the flaw was addressed, the researchers have published technical details and proof-of-concept (PoC) exploit code.

    Installing malicious apps

    The first flaw is tracked as CVE-2023-21433, an improper access control flaw that can be used to install apps on the target endpoint. The second flaw, tracked as CVE-2023-21434, is described as an improper input validation vulnerability, which can be used to execute malicious JavaScript on the targeted device.

    While local access is required to exploit both vulnerabilities, for skilled criminals that's a non-issue, it was said. The researchers
    demonstrated the flaws by having the app install Pokemon Go, a globally popular geolocation game based on the world of Pokemon.

    While Pokemon Go is a benign app, the flaws could have been used for more sinister goals, the researchers confirmed. In fact, threat actors could have used them to access sensitive information or crash mobile apps.

    It also needs to be mentioned that Samsung devices running Android 13 are not vulnerable to the flaw, even if their device still carries an older, vulnerable version of the Galaxy Store.

    This is due to additional security measures introduced in the latest version of the popular mobile OS.

    However, according to figures from AppBrain, just 7% of all Android devices are sporting the latest version, while unsupported versions of Android (9.0 Pie and older) make up roughly 27% of the entire Android market share.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-security-flaws-could-let-hackers-install-anything-they-wanted-in-the-samsung-galaxy-app-store


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)