{"id":440000,"date":"2022-10-31T10:50:27","date_gmt":"2022-10-31T12:50:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/le-bogue-du-samsung-galaxy-store-aurait-pu-permettre-aux-pirates-dinstaller-secretement-des-applications-sur-des-appareils-cibles\/"},"modified":"2022-10-31T10:50:29","modified_gmt":"2022-10-31T12:50:29","slug":"le-bogue-du-samsung-galaxy-store-aurait-pu-permettre-aux-pirates-dinstaller-secretement-des-applications-sur-des-appareils-cibles","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/le-bogue-du-samsung-galaxy-store-aurait-pu-permettre-aux-pirates-dinstaller-secretement-des-applications-sur-des-appareils-cibles\/","title":{"rendered":"Le bogue du Samsung Galaxy Store aurait pu permettre aux pirates d&#8217;installer secr\u00e8tement des applications sur des appareils cibl\u00e9s"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Une faille de s\u00e9curit\u00e9 d\u00e9sormais corrig\u00e9e a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9e dans l&#8217;application Galaxy Store pour les appareils Samsung qui pourrait potentiellement d\u00e9clencher l&#8217;ex\u00e9cution de commandes \u00e0 distance sur les t\u00e9l\u00e9phones concern\u00e9s.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, qui affecte Galaxy Store version 4.5.32.4, concerne un bogue de script intersite (XSS) qui se produit lors de la gestion de certains <a rel=\"nofollow noopener\" href=\"https:\/\/developer.android.com\/training\/app-links\/deep-linking\" target=\"_blank\">liens profonds<\/a>.  Un chercheur ind\u00e9pendant en s\u00e9curit\u00e9 a \u00e9t\u00e9 cr\u00e9dit\u00e9 d&#8217;avoir signal\u00e9 le probl\u00e8me.<\/p>\n<p>&#8220;Ici, en ne v\u00e9rifiant pas le lien profond de mani\u00e8re s\u00e9curis\u00e9e, lorsqu&#8217;un utilisateur acc\u00e8de \u00e0 un lien \u00e0 partir d&#8217;un site Web contenant le lien profond, l&#8217;attaquant peut ex\u00e9cuter du code JS dans le contexte de la vue Web de l&#8217;application Galaxy Store&#8221;, a d\u00e9clar\u00e9 SSD Secure Disclosure. <a rel=\"nofollow noopener\" href=\"https:\/\/ssd-disclosure.com\/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction\/\" target=\"_blank\">a dit<\/a> dans un avis publi\u00e9 la semaine derni\u00e8re.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"309\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/10\/1667220627_861_Le-bogue-du-Samsung-Galaxy-Store-aurait-pu-permettre-aux.jpg\" \/><\/div>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_blank\">Attaques XSS<\/a> permettre \u00e0 un adversaire d&#8217;injecter et d&#8217;ex\u00e9cuter du code JavaScript malveillant lors de la visite d&#8217;un site Web \u00e0 partir d&#8217;un navigateur ou d&#8217;une autre application.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Le probl\u00e8me identifi\u00e9 dans l&#8217;application Galaxy Store concerne la configuration des liens profonds pour le service de marketing et de contenu de Samsung (<a rel=\"nofollow noopener\" href=\"https:\/\/us-mktg.mcsvc.samsung.com\/\" target=\"_blank\">SCS<\/a>), conduisant potentiellement \u00e0 un sc\u00e9nario dans lequel un code arbitraire inject\u00e9 dans le site Web MCS pourrait conduire \u00e0 son ex\u00e9cution.<\/p>\n<p>Cela pourrait ensuite \u00eatre exploit\u00e9 pour t\u00e9l\u00e9charger et installer des applications contenant des logiciels malveillants sur l&#8217;appareil Samsung lors de la visite du lien.<\/p>\n<p>&#8220;Pour pouvoir exploiter avec succ\u00e8s le serveur de la victime, il est n\u00e9cessaire d&#8217;avoir un contournement HTTPS et CORS de chrome&#8221;, ont not\u00e9 les chercheurs.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/samsung-galaxy-store-bug-couldve-let.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Une faille de s\u00e9curit\u00e9 d\u00e9sormais corrig\u00e9e a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9e dans l&#8217;application Galaxy Store pour les appareils Samsung qui pourrait potentiellement d\u00e9clencher l&#8217;ex\u00e9cution de commandes \u00e0 distance sur les t\u00e9l\u00e9phones concern\u00e9s. La vuln\u00e9rabilit\u00e9, qui affecte Galaxy Store version 4.5.32.4, concerne un bogue de script intersite (XSS) qui se produit lors de la gestion de certains liens [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":440001,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8737,8361,2514,507,6813,9589,4168,4158,4165,4161,133,92010,10778,4157,4159,4171,4170,4167,4160,4163,4162,5848,4394,7850,6244,4172,4169,1829,60,4166,4164],"class_list":["post-440000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-appareils","tag-applications","tag-aurait","tag-aux","tag-bogue","tag-cibles","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-dinstaller","tag-galaxy","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-permettre","tag-pirates","tag-samsung","tag-secretement","tag-securite-informatique","tag-securite-internet","tag-store","tag-sur","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/440000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=440000"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/440000\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/440001"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=440000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=440000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=440000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}