German cybersecurity company Recurity Labs has published details of two vulnerabilities in webOS, the platform on which LG smart TVs run. Using these flaws, an attacker can download, read and overwrite arbitrary files on the device.
The first vulnerability affects the Notification Manager component. By default, sending notifications on webOS is restricted to system services, and third-party non-privileged applications have no access to this feature. However, this restriction can be bypassed via the luna-send-pub command (com.webos.lunasendpub), which allows arbitrary third-party software to work with notifications.
The second vulnerability complements the first: by calling the “luna://com.webos.notification/createAlert” API with the onclick, onclose or onfail parameters, it is possible to execute an arbitrary handler, including a call to the Download Manager system service, which runs with high privileges, to download and save arbitrary files. In theory, this gives an attacker unrestricted access to the system.
Recurity Labs experts confirmed that the vulnerabilities are exploitable on an LG 65SM8500PLA TV running webOS TV 05.10.30. LG Product Security was officially notified of the flaws on November 11, 2021, but no response was received. The vulnerabilities were not officially registered, and no action was taken to close them. The German company therefore waited out the standard 90-day period, which expired on February 10, 2022, and publicly disclosed its findings on March 2.