At the end of December last year, cybersecurity experts at NCC Group discovered vulnerabilities in the Samsung Galaxy App Store and reported them to the manufacturer. On January 1st, the company released an updated version of the client (126.96.36.199), and the researchers have now published technical details of the incident.
Exploiting the first vulnerability requires local access to the victim’s device, which experts say is not a problem for experienced attackers. As a demonstration, the researchers showed how to install the Pokemon Go game on the device, bypassing the owner, although hackers might choose something more dangerous. Devices running Android 13 are not affected, even in combination with the outdated Store client, but in practice that doesn’t help much: according to AppBrain Analytics, only 7% of all Android devices run the latest version of the platform, while unsupported versions of the system (Android 9.0 and older) hold 27% of the market.