It has been reported that a now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 220.127.116.11, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue.
“While I am heartened to hear that a security researcher had found the bug and Samsung took the necessary measures to fix the issue, Samsung device owners shouldn’t breathe a sigh of relief quite yet. Users will want to make sure their devices have the latest version of the Galaxy Store app, while also keeping their device’s Android operating system updated to the latest available version to fix other security holes that could be used by the bad actors of the world to take control of their device.”
Also commenting on the story is Paul Bischoff, Consumer Privacy Advocate at Comparitech:
Samsung owners should immediately update their app store apps to prevent being attacked. Thankfully, a security researcher reported the issue to Samsung before any exploits were reported in the wild. But now that hackers know where to look, users who fail to update could fall victim to an attack.