Apps
Samsung Galaxy Store had critical auto apps installation flaws
Researchers from the NCC Group discovered two CVEs in Samsung’s official app store. As detailed by the researchers, these two flaws in Samsung Galaxy Store could enable attackers to install any app without the user’s knowledge or to direct victims to a malicious web location.
Fixed with Samsung Galaxy Store app version 4.5.49.8, the flaws were discovered by NCC Group researchers between November 23 and December 3, 2022. In a recent development, researchers at NCC Group disclosed (via Mishaal Rahman) technical details for the two security issues with proof-of-concept.
Follow Sammy Fans on Google News
Technical details and backend code aside, let’s discuss the impact of these security flaws on Samsung devices.
These CVEs could not have affected devices running the latest Android 13-based One UI 5. As noted in the report, a pre-installed rouge application on a Samsung device running Android 12 or below can abuse this issue to install any application currently available on Galaxy App Store.
Join Sammy Fans on Telegram
In order to fix these CVEs, the South Korean tech giant has pushed an updated version of the Galaxy Store (version 4.5.49.8). In case you have a Galaxy device running below Android 12, you should install the latest version of Galaxy Store to ensure your data privacy.
NCC Group found that “a webview within the Galaxy App Store contained a filter that limited which domains that webview could browse to.” Regardless the developers have not correctly configured it, which would allow the webview to browse to an attacker-controlled domain.
Galaxy Store CVEs:
- Technical Advisory: Improper access control could allow local attackers to install applications from the Galaxy App Store (CVE-2023-21433)
- Technical Advisory: Improper input validation could allow local attackers to execute JavaScript by launching a web page (CVE-2023-21434)
Proof-of-concept
Samsung has rolled out a new update for its Checkout app with version 5.0.76.5. This update makes the app better and fixes some issues for a smoother experience.
The latest version fixes bugs that were present in earlier versions. You can expect fewer glitches and a smoother experience when using the app for your transactions. With these fixes, the app should be more reliable, making your payment process quicker and easier.
Besides fixing issues, the latest update also includes enhancements that make the app run better. These improvements make the app more user-friendly and useful. However, there are no new features or changes noted but the update will surely provide a better experience.
Samsung Checkout is a useful app for managing your payments and transactions. It is a billing application for purchasing paid content from Samsung Content services. By updating to this latest version, you’ll benefit from these performance boosts and fixes.
It’s important to keep your apps updated, as updates not only bring new features but also ensure that the app runs smoothly and securely. To install this update, you just need to open the Galaxy Store, then tap on the Menu icon, and click on the Updates option.
Alternatively, you can download the update through the third-party app link mentioned here.
WhatsApp is updating its app for Android devices with a useful feature for group calls with a new update. The latest version arrives with version 2.24.19.14 and is available through the Google Play Beta Program.
With the latest update, WhatsApp brings a new ability to create call links directly within group chats. Before, you had to go to the calls tab to generate a link for voice or video calls. Now, the latest update lets you make a call link from the chat itself.
Through this update, you don’t need to ring everyone in the group to start a call. Instead, you can share a link in the group chat to join the call. The new feature makes it easier to start and join calls in group chats.
Once you create the link, you can easily send it to the group, and members can join the call by clicking the link whenever they want. It’s particularly useful for big groups or people in different time zones who may not be available at the same time.
The call link feature of group chats is currently available through the WhatsApp beta update. The company will soon make it available for all users in upcoming stable updates.
WhatsApp Beta update introduces new feature for managing contact syncing
Samsung has released a new update for its Blockchain Wallet app with version 1.4.09.4. This update brings a fix for an issue that users have been experiencing with transferring certain ERC20 tokens.
Users had trouble transferring some of the ERC20 tokens, which could be frustrating and problematic. The new update fixes these transfer issues to make the wallet app more reliable and easier to use for managing digital assets.
In addition to this, the update also fixes some minor issues that users encountered in the previous version. It also enhances some functions to provide a smoother experience.
Samsung Blockchain Wallet is a non-custodial virtual asset wallet service that allows you to send virtual assets to others and enjoy recommended Apps.
Moreover, this app enables you to securely sign and authorize virtual asset transactions using your virtual asset private key, which is kept in a secure enclave built into your Samsung Galaxy device. With the fresh update, you can enjoy the enhanced functionality.
The latest version of the Samsung Blockchain app is available on the Galaxy Store with an installation package size of 64.04 megabytes. You can check and install the update from Galaxy Store >> Menu option >> Updates. Also, you can download the update directly from the third-party app link mentioned here.