Information has been disclosed about vulnerabilities in the open webOS platform that can be used to gain access to privileged low-level APIs of the system environment of LG TVs and other devices based on this platform. The attack is carried out through the launch of an unprivileged application that exploits vulnerabilities through access to internal APIs, and allows you to overwrite/read arbitrary files or perform other actions that are allowed by system APIs.
The first of the identified vulnerabilities allows you to bypass access restrictions to the Notification Manager API, and the second allows you to use Notification Manager to access other internal APIs that are not directly accessible to the user application. CVE identifiers have not yet been assigned to the issues. The ability to exploit vulnerabilities was tested on an LG 65SM8500PLA TV with firmware based on webOS TV 05.10.30.
The essence of the first vulnerability is that by default, sending notifications in webOS is allowed only to system services, but this restriction can be bypassed and a notification can be sent from an unprivileged application using the luna-send-pub command (com.webos.lunasendpub). The second vulnerability is related to the fact that by calling the API “luna://com.webos.notification/createAlert” with the onclick, onclose or onfail parameters, you can launch any handler and, for example, call the Download Manager system service, which is only allowed to be launched privileged applications to download and save arbitrary files.
Source: opennet.ru