A handful of bugs in LG smart TVs running WebOS could allow an attacker to bypass authorization and gain root access on the device.
In order to abuse any of the command injection flaws, however, the attacker must first exploit CVE-2023-6317. This issue is down to WebOS running a service on ports 3000/3001 that allows users to control their TV on their smartphone using a PIN. But, there's a bug in the account handler function that sometimes allows skipping the PIN verification:
After creating an account with no permissions, an attacker can then request a new account with elevated privileges"but we specify the companion-client-key variable to match the key we got when we created the first account," the team reports.Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaignThe server confirms that the key exists, but doesn't verify which account it belongs to, we're told.
We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Eight images from Motherwell Photographic Society make it into union portfolioThey were invited to enter four images from four different authors in three different sections
Source: Daily_Record - 🏆 9. / 89 Read more »
Japanese GP: Max Verstappen's qualifying dominance continues with a P1 in SuzukaThat's four from four for Max Verstappen in 2024's qualifying!
Source: Planet_F1 - 🏆 126. / 51 Read more »
Nearly four million smart meters in Britain are not working properly - with customers left paying...Some 3.98million of the devices found in homes across the UK were not operating in smart mode as of December 2023, according to data from the Department for Energy Security and Net Zero.
Source: DailyMailUK - 🏆 7. / 90 Read more »
Four million UK households given smart meter warning as woman charged £3,500Almost four million smart meters in Great Britain are not working properly, according to the latest figures from the Department for Energy Security and Net Zero (Desnez)
Source: leedslivenews - 🏆 118. / 51 Read more »
Government announces repair money for four Shropshire schoolsFour Shropshire schools will receive a slice of a £38m fund for improvement projects, according to the Government.
Source: ShropshireStar - 🏆 98. / 51 Read more »
Art Basel Hong Kong: Four Emerging Artists to Look Out ForAs Art Basel returns to Hong Kong, AnOther speaks to four emerging artists – Sean Steadman, Kara Chin, Steph Huang and Arthur Marie – about their work at the fair
Source: AnOtherMagazine - 🏆 97. / 51 Read more »