The German cybersecurity company Recurity Labs has published information about two vulnerabilities in the webOS platform that LG Smart TVs run on. These vulnerabilities could allow an attacker to download, read, and overwrite arbitrary files on the device.
The first vulnerability affects the notification component of Notification Manager. By default, sending notifications in webOS is restricted to system services only, and non-privileged third-party applications do not have access to this feature. However, this restriction can be circumvented by invoking the luna-send-pub (com.webos.lunasendpub) command, which allows any third-party software to work with notifications.
The second vulnerability complements the first: calling the “luna://com.webos.notification/createAlert” API with the onclick, onclose, or onfail parameters makes it possible to start any handler, including a call to the Download Manager system service, whose privileges are high enough to load and save arbitrary files. In theory, this gives the attacker unrestricted access to the system.
Specialists from Recurity Labs have confirmed that the vulnerabilities can be exploited on the LG 65SM8500PLA TV running webOS TV 05.10.30. The LG Product Security Division was officially notified of the vulnerabilities as early as November 11, 2021, but there was no response. The vulnerabilities have not been officially registered, and no action has been taken to close them. The German company therefore waited the standard 90 days, which expired on February 10, 2022, and released information about its discovery on March 2.