Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Can install arbitrary application / boot to malicious website, Samsung Galaxy Store exposed two security vulnerabilities

2025-01-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)11/24 Report--

CTOnews.com, January 21, NCC Group researchers found that there are two CVE vulnerabilities in Samsung's official app mall. Attackers can use these two vulnerabilities to install arbitrary applications without the user's knowledge, or direct the victim to a malicious Web address.

NCC Group researchers identified these two vulnerabilities between November 23 and December 3, 2022, and Samsung fixed them in Galaxy Store version 4.5.49.8. NCC Group researcher Mishaal Rahman disclosed these two vulnerabilities today.

CTOnews.com learned that Samsung devices that have been upgraded to Android 13 / OneUI 5.0 will not be affected, and Samsung devices running Android 12 and earlier will not be affected after upgrading to the new version.

NCC Group found that a webview in Galaxy App Store contains a filter that limits the fields that webview can browse. This will allow webview to browse to the domain controlled by the attacker, regardless of whether the developer has configured it correctly.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Two vulnerabilities Samsung personnel researchers research apps attackers versions devices filters Android upgrades impact attacks browsing malicious victims malls addresses vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Shulou Technology MariaDB Microsoft Linux vpn Xiaomi Shulou Tech Info Huawei Redmi macOS Docker OPPO Reno NVidia MySQL Shulou Information Apple Shulou Technology MariaDB Microsoft Linux vpn Xiaomi Shulou Tech Info Huawei Redmi macOS Docker OPPO Reno NVidia MySQL Shulou Information Apple

Share To

Related

IT Information

More IT Information >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report