This is due to customizations made by LG, which restrict access to the vulnerable component. Now, before we start, it should be noted that this issue does not affect the one webOS hardware device in my possession an LG Smart TV with model name 65SM8500PLA and webOS version 4.8.0-52002. This post will use this emulator, running webOS version 5.0.0-88, to demonstrate the issue.
Some CaveatsĪs part of the LG webOS TV SDK, LG provides a webOS TV emulator running on QEMU. This led to some interesting discoveries, including a local privilege escalation method, which will be outlined in this blog post. The title of the post has been updated accordingly.Ī while back, I decided to devote some research time looking into the inner workings of webOS to be able to better understand the security posture of the platform as whole, and to better be able to spot security issues in webOS applications. Update (): Please note that LG actually did request and receive a CVE number, after this post was published.
0 kommentar(er)
