Webos vulnerabilities allowing to overwrite files on LG TVs

disclosed Information about vulnerabilities in the open WebOS platform, which can be used to access the privileged low-level access API system environment of LG TVs and other devices based on this platform. The attack is performed through the launch of an unprivileged application that operates vulnerability through access to the inner API, and allows you to overwrite / read arbitrary files or perform other actions that allow the system API.

The first of the identified vulnerability allows you to bypass access to the Notication Manager API, and the second Allows you to use Notification Manager to access another internal API, directly directly to the user application. CVE identifiers are not yet assigned to problems. The ability to operate vulnerabilities is tested on the LG 65SM8500PLA TV with a firmware based on WebOS TV 05.10.30.

The essence of the first vulnerability is that by default sending notifications to the WebOS is allowed only by system services, but this restriction can be accessed and send a notice from an unprivileged application by using the LUNA-SEND-PUB command (com.webos.lunasendpub). The second appointment is due to the fact that through the appeal to the API “luna: //com.webos.notification/createAlert” with the ONCLICK, OnClose or OnFail parameters, you can run any handler and, for example, to get the call of the Download Manager system, which is allowed to run only Privileged applications, download and save arbitrary files.

/Media reports.