News for January 23, 2023


Galaxy App Store Flaws

by Artie Kaye

Samsung’s application store for its phones has two vulnerabilities that can allow malware to be installed on the device. The first requires physical access to the phone and can force an app to install without verifying it. The second could allow arbitrary JavaScript to be executed on the device through a link opened through the store. Samsung has addressed and patched both flaws. Galaxy device users should update their Galaxy App Store to version 4.5.49.8 or later. Google added protections against such flaws in Android 13, but not all devices can be upgraded to it, so the app store patch is the best way to close this security hole.

The flaws are listed as CVE-2023-21433 and CVE-2023-21434.



OneNote Files Being Leveraged

by Artie Kaye

Microsoft has addressed flaws that allowed Office, ISO, and ZIP files to install malware. Attackers have now found a flaw in OneNote files that they are exploiting. When a potentially harmful OneNote file is opened, the program pops up a warning. If this is dismissed or clicked away, allowing the file to open, a message appears on the screen stating “double click to view file.” This message hides install files beneath it: clicking once dismisses the message, and clicking twice activates one of the installers hidden beneath.

This is not as straightforward as previous vulnerabilities: it requires a lot of work from the end user to install the malware. Be cautious of unknown files, and read notices when they pop up while opening files. It is good cyber hygiene to not open files from untrusted sources, and to double-check files from trusted sources. Keep your data safe.



Malicious Ad Campaign Shut Down

by Artie Kaye

The VASTFLUX advertising network has been taken down. It used JavaScript injection to alter legitimate ads so that they opened and stacked additional advertisements to generate revenue. It ran for months, affecting approximately 11 million devices while spoofing hundreds of apps. Mitigations to hinder it were developed beginning in June 2022, and continual efforts to limit its functionality led to it being shut down on December 6th, 2022. Human Security, the group responsible for the takedown, posted their findings recently.
