PT-2024-18732 · Samsung · Galaxy Store

Published: 2024-02-05 · Updated: 2024-02-09 · CVE-2024-20825

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Galaxy Store versions prior to 4.5.63.6

Description

An implicit intent hijacking vulnerability in the In-App Purchase (IAP) component of the Galaxy Store allows local attackers to access sensitive information via an implicit intent.

Recommendations

Update Galaxy Store to version 4.5.63.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information within the Galaxy Store until the update is applied.

Fix

Related Identifiers

CVE-2024-20825

Affected Products

Galaxy Store