You can see previous news in the old version of the news blog. Watch
Samsung closes two vulnerabilities in the Galaxy App Store - they allowed you to secretly install applications and execute malicious code.
At the end of December last year, NCC Group cybersecurity experts discovered vulnerabilities in the Samsung Galaxy App Store and warned the manufacturer about it. On January 1, the company released an updated version of the client (220.127.116.11), and now the researchers have released the technical details of the incident.
To exploit the first vulnerability, local access to the victim's device is required, but, according to experts, this is not a problem for experienced attackers. As a demonstration, the researchers showed how to bypass the owner to install the Pokemon Go gaming application on the gadget, although hackers could choose something more dangerous. Devices running Android 13 are not affected, even in combination with the outdated store client, but in practice this will not help much yet: according to AppBrain analytics, only 7% of all Android devices are controlled by the latest version of the platform, and unsupported versions of the system (Android 9.0 and older) hold 27% of the market.