PT-2023-28450 · Samsung · Galaxy Store

Published 2023-12-04 · Updated 2024-06-21 · CVE-2023-42580

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Galaxy Store versions prior to 4.5.64.4

Description

The issue is caused by improper URL validation in the MCSLaunch deeplink handler in Galaxy Store, which allows attackers to invoke the JavaScript API and install an APK from Galaxy Store. This can lead to remote code execution.

Recommendations

For Galaxy Store versions prior to 4.5.64.4, update to version 4.5.64.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the MCSLaunch deeplink functionality until a patch is applied. Avoid using the JavaScript API to install APKs from Galaxy Store until the issue is resolved.

Fix

Related identifiers

CVE-2023-42580
ZDI-24-828

Affected products

Galaxy Store