writeups.xyz / Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

Submitter : c2a

Date: 20 January 2023

Bounty : undisclosed

Vulnerabilities :

• Android
• Insecure Intent
• Insecure Deeplink
• URL Validation Bypass

Programs :

• Samsung

Authors :

• Ken Gannon (@Yogehi)

Link :
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/