PT-2023-28451 · Samsung · Galaxy Store

Published: 2023-12-04 · Updated: 2024-08-29 · CVE-2023-42581

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Galaxy Store versions prior to 4.5.64.4

Description
The vulnerability stems from improper URL validation of the InstantPlay deeplink in Galaxy Store, which allows attackers to invoke the JavaScript API and access data. This can lead to remote code execution.

Recommendations
For Galaxy Store versions prior to 4.5.64.4, update to version 4.5.64.4 or later to resolve the issue. As a temporary workaround, restrict access to the InstantPlay deeplink feature and avoid using it in the affected Galaxy Store versions until the patch is applied.

Fix

Related Identifiers

CVE-2023-42581
ZDI-24-830

Affected Products

Galaxy Store