CVE-2023-21515

Name of the Vulnerable Software and Affected Versions Galaxy Store versions prior to 4.5.49.8

Description The issue allows attackers to execute javascript API to install APK from Galaxy Store due to a vulnerable script in InstantPlay. This script can execute javascript in Galaxy Store, enabling the installation of APKs.

Recommendations For Galaxy Store versions prior to 4.5.49.8, update to version 4.5.49.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the InstantPlay feature until a patch is available. Avoid using the vulnerable script in InstantPlay to minimize the risk of exploitation.