Macluumaad ku saabsan baylahda goobta furan ee webOS madal kaas oo loo isticmaali karo in lagu helo mudnaanta API-yada heerka hoose ee deegaanka nidaamka LG TV-yada iyo aaladaha kale ee ku saleysan goobtan. Weerarka waxaa lagu qaadaa iyadoo la bilaabayo arji aan mudneyn oo ka faa'iideysanaya dayacanka iyadoo la gelayo API-yada gudaha, taasoo u oggolaanaysa qofka weerarka geystay inuu dib u qoro ama akhriyo faylal aan sabab lahayn ama uu sameeyo ficillo kale oo uu oggol yahay nidaamka API-ga.
Midda kowaad ee dayacanka la aqoonsaday ayaa ogolanaya in laga gudbo xannibaadaha gelitaanka maamulaha Ogeysiinta API, halka tan labaad ay ogolaato Maareeyaha Ogeysiinta in loo isticmaalo gelitaanka API-yada kale ee gudaha ee aan si toos ah loo heli karin codsiga isticmaalaha. Aqoonsayaasha CVE weli looma xilsaarin arrimahan. Ka faa'iidaysiga dayacanka kuwan waxaa lagu tijaabiyay LG 65SM8500PLA TV ku shaqeeya webOS TV nooca firmware 05.10.30.
Nuglaanta koowaad ayaa ah in asal ahaan, ogeysiisyada webOS loo oggol yahay oo keliya adeegyada nidaamka. Si kastaba ha ahaatee, xayiraaddan waa la dhaafi karaa oo ogeysiis ayaa laga soo diri karaa codsi aan mudnayn iyadoo la adeegsanayo amarka luna-send-pub (com.webos.lunasendpub). Nuglaanta labaad ayaa ah in adigoo wacaya "luna://com.webos.notification/createAlert" API oo leh gujis, xirid, ama xad-dhaaf, maamule kasta waa la bilaabi karaa. Tusaale ahaan, waxay u yeeri kartaa adeegga nidaamka Download Manager, kaas oo kaliya codsiyada mudnaanta leh loo oggol yahay inay socodsiiyaan, si ay u soo dejiyaan oo u kaydiyaan faylasha aan sabab lahayn.
Source: opennet.ru
