Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices

Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
A now-patched security flaw has been disclosed in the Galaxy Store app for #Samsung devices that could potentially trigger remote command execution on affected phones.

The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue.

"Here, by not checking the deep link securely, when a user accesses a link from a website containing the deeplink, the attacker can execute JS code in the webview context of the Galaxy Store application," SSD Secure Disclosure said in an advisory posted last week.

XSS attacks allow an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or another application.

More at https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html