NCC Group stated that attackers can exploit the vulnerability to obtain users’ personal information and cause the program to crash. If an attacker uploads a malicious program to the Galaxy Store, it can be distributed and installed without the user’s permission, creating a serious security risk.
An attacker only has to spread a link that opens the Galaxy Store on the internet for Galaxy phones running Android 12 or below to install any program available on the Galaxy Store without the user’s permission. Galaxy phones that have been upgraded to Android 13 are not affected by this vulnerability. Fortunately, Samsung released version 126.96.36.199 of the Galaxy Store program on New Year’s Day 2023, and updating to this version fixes the two serious vulnerabilities described above. To check the version of Galaxy Store, open the program and select Menu, then click the gear icon in the upper right corner, and then click Open About Galaxy Store to see the version number.