A vulnerability has been reported in the Samsung Galaxy Store app which could allow a local attacker to install an unwanted app on your phone.
Samsung Galaxy smartphones have been dominating the phone segment for quite a long time now. Millions of users rely on Samsung Galaxy smartphones for their day to day conversations. As the phones are getting smarter, they are not just used for calls and messages. The smartphones are now also used for banking transactions, photography, online meetings and others which means that these devices store some of your most sensitive information. To keep such data safe, the Korean tech giant rolls out security updates for its devices and apps from time to time. Although Samsung recommends users to run the latest version of their apps to have a more secure and features rich experience, a few users opt to run the older version of apps for ease of use but it's worth noting that older apps versions are easier to exploit. One such vulnerability has been spotted in the Samsung Galaxy Store app and the Indian government has issued a warning for Samsung Galaxy users.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has revealed that a vulnerability has been reported in the Samsung Galaxy Store app which could allow a local attacker to install an unwanted app or execute arbitrary code on the targeted phone. The vulnerability will affect Samsung Galaxy smartphone users with Samsung Galaxy Store app version prior to 4.5.49.8.
According to CERT-In, this vulnerability exists in Samsung Galaxy Store app due to a flow in exported activity which does not handle incoming intents in a safe manner. A local attacker could exploit this vulnerability by sending a specially-crafted request. Successful exploitation of this vulnerability could allow a local attacker to install applications from the Galaxy App Store without the user's knowledge on the targeted device.
An attacker can also exploit the vulnerability if you tap a malicious hyperlink in google chrome or a pre-installed rogue application. A local attacker can bypass Samsung’s URL filter and launch a webview to an attacker-controlled domain.
To avoid any swindling, you should install the latest version of the Samsung Galaxy Store app right away.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Samsung Galaxy Phone")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}