CVE-2023-42580

Summary

CVE-2023-42580 is a new vulnerability affecting the MCSLaunch deeplink in the Galaxy Store before version 4.5.64.4. This issue involves improper URL validation, allowing attackers to execute JavaScript APIs and subsequently install malicious APKs from the Galaxy Store. By exploiting this vulnerability, cybercriminals can potentially install unauthorized apps on unsuspecting users' devices. This poses a significant risk, especially considering the popularity of the Galaxy Store and the trust users place in it for downloading apps. Users are advised to update their Galaxy Store to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.