Through vulnerabilities, malware can be installed on users’ devices.
With luck, ethical hackers find vulnerabilities in consumer products before their counterparts on the wrong side do, in which case the manufacturer itself is notified first, and the public becomes aware of the problem only when the relevant patch actually arrives.
This happened recently with Samsung: the cybersecurity company NCC Group discovered two critical vulnerabilities in Samsung’s own app store, the Samsung Play Store.
The security holes, recorded as CVE-2021-21433 and CVE-2022-21434, were discovered at the beginning of December, and Samsung released update 4.5.49.8 to the App Store on January 1st to close them. Vulnerability 21433 was an access control flaw that allowed apps to be installed on Samsung smartphones without the owner’s consent, and vulnerability 21434 allowed access to web pages containing malicious code.
NCC Group demonstrated the severity of vulnerability 21433 with an automated installation of the game Pokémon Go, but it should be noted that the vulnerability can only be exploited through local access and only affects Android 12 or older operating systems.
For now, however, everyone who has installed the Galaxy App Store update from early January is safe, so you don’t have to worry about any of the above bugs.