Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices

A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when […]

Samsung MagicINFO CVE-2025-21043

A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones.

A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones.

The flaw is a cross-site scripting (XSS) bug that can be triggered when handling certain deep links.

The vulnerability impacts Galaxy Store version 4.5.32.4, it was reported by an independent security researcher through the SSD Secure Disclosure program.

“In the Galaxy Store application, there are some deeplinks handled. Deeplink can be called from another application or from a browser. When receiving suitable deeplinks Galaxy Store will process and display them via webview.” reads the advisory. “Here, by not checking the deeplink securely, when a user accesses a link from a website containing the deeplink, the attacker can execute JS code in the webview context of the Galaxy Store application.”

The expert focuses on deep links configured for Samsung’s Marketing & Content Service (MCS).

The SamSung MCS Direct Page website was parsing the parameter from the url and then display it on the website, but it did not encode, leading to an XSS error.

“We can see the website is processing the abc, def parameters and displaying as above without encoding, the url is passed directly to href this is very dangerous and will cause XSS.” continues the advisory.

While analyzing the deeplink process code, the expert noticed two functions, downloadApp and openApp, in the Class EditorialScriptInterface.

The two functions allow getting the app id and downloading them from the store or opening them. This means that it is possible to use JS code to call these two functions. In this scenario, an attacker can inject arbitrary code into the MCS website and execute it.

This issue can be exploited to download and install malicious apps on the Samsung device when visiting the link.

Samsung has already issued patches to address this issue.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Log4Shell)

[adrotate banner=”5″]

[adrotate banner=”13″]