CVE-2023-42580

7.5 HIGH

📋 TL;DR

This vulnerability in Samsung Galaxy Store allows attackers to bypass URL validation in MCSLaunch deeplinks, enabling them to execute JavaScript APIs that can install APK files without user consent. It affects Samsung Galaxy devices running Galaxy Store versions prior to 4.5.64.4. Attackers could potentially install malicious applications on affected devices.

💻 Affected Systems

Products:
  • Samsung Galaxy Store
Versions: Prior to 4.5.64.4
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with Galaxy Store installed. The vulnerability requires user interaction (clicking a malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could silently install malicious APKs containing spyware, ransomware, or other malware, leading to complete device compromise, data theft, and unauthorized access to sensitive information.

🟠 Likely Case

Attackers would use this to install unwanted applications, adware, or credential-stealing apps, potentially leading to privacy violations, financial loss, and degraded device performance.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated, preventing unauthorized APK installations through this vector.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to click a malicious link, but no authentication is needed beyond that interaction. The technical complexity appears low based on the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.64.4

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

Restart Required: No

Instructions:

1. Open the Galaxy Store app.
2. Go to Settings > About Galaxy Store.
3. Check the version number.
4. If the version is below 4.5.64.4, update through Galaxy Store updates or the Samsung app store.
5. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable automatic app installations

android

Prevent automatic APK installations by requiring manual approval for all app installations

Navigate to Settings > Biometrics and security > Install unknown apps > Disable for all apps

Use web browser caution

all

Avoid clicking on suspicious links, especially those promising app installations or updates

🧯 If You Can't Patch

  • Implement mobile device management (MDM) policies to restrict app installations
  • Deploy network filtering to block known malicious domains and URLs

🔍 How to Verify

Check if Vulnerable:

Check Galaxy Store version: Open Galaxy Store > Settings > About Galaxy Store. If version is below 4.5.64.4, the device is vulnerable.

Check Version:

No command line option. Use GUI: Galaxy Store > Settings > About Galaxy Store

Verify Fix Applied:

After updating, verify Galaxy Store version is 4.5.64.4 or higher using the same method.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected APK installation events
  • Galaxy Store process initiating unexpected installations
  • MCSLaunch deeplink activity

Network Indicators:

  • HTTP requests to unusual domains preceding app installations
  • Traffic patterns matching known exploit domains

SIEM Query:

source="android_logs" AND (event="app_install" OR process="com.sec.android.app.samsungapps") AND version<"4.5.64.4"
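The version check from "How to Verify", applied to a fleet, as an added example that is not part of the original advisory or any Samsung tooling. It assumes a hypothetical MDM inventory export with `device_id` and `galaxy_store_version` columns (the sample rows are constructed) and compares version components numerically, because where a SIEM evaluates `version<"4.5.64.4"` as a string comparison, `4.5.100.2` sorts below the fixed version and `4.5.9.0` sorts above it.

```python
import csv
import io
import re

FIXED = "4.5.64.4"  # patched Galaxy Store version stated on this page

# Constructed sample inventory (hypothetical MDM export; not real devices).
SAMPLE_CSV = """device_id,galaxy_store_version
dev-001,4.5.64.4
dev-002,4.5.63.6
dev-003,4.5.100.2
dev-004,4.5.9.0
dev-005,unknown
"""

def parse_version(text):
    """Return '4.5.64.4' as (4, 5, 64, 4), or None if it is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(version, fixed=FIXED):
    """True if version < fixed (missing components count as 0), None if unparseable."""
    v, f = parse_version(version), parse_version(fixed)
    if v is None or f is None:
        return None
    width = max(len(v), len(f))
    v += (0,) * (width - len(v))
    f += (0,) * (width - len(f))
    return v < f

def triage(csv_text, fixed=FIXED):
    """Bucket devices; also list rows a plain string compare would misjudge."""
    result = {"vulnerable": [], "patched": [], "unknown": [], "string_compare_wrong": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        device, version = row["device_id"], row["galaxy_store_version"]
        verdict = is_vulnerable(version, fixed)
        if verdict is None:
            result["unknown"].append(device)
            continue
        result["vulnerable" if verdict else "patched"].append(device)
        if (version < fixed) != verdict:
            result["string_compare_wrong"].append(device)
    return result

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_CSV).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Devices in the `unknown` bucket have no parseable version and need the manual GUI check described above.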
