Information

The built-in LG World app (com.lge.lgworld) downloads its self-update APK file to publicly accessible storage and does not verify the file's signature. An attacker can overwrite the file and install an arbitrary app.

LG Vulnerability ID: LVE-SMP-170026
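
The hardened counterpart of the flow described above, as an added example that is not LG's code: the update is copied out of shared storage into a private directory, and only that private copy is verified and handed on. It substitutes a pinned SHA-256 digest (assumed to come from a trusted update manifest) for APK signature verification; `stage_and_verify`, `demo` and all paths are hypothetical.

```python
import hashlib
import os
import tempfile


def stage_and_verify(shared_path, expected_sha256, private_dir):
    """Copy an update out of shared storage and verify the private copy.

    Returns the path of the verified copy, or None if it is rejected.
    Only the returned path may be passed on to the installer.
    """
    os.makedirs(private_dir, mode=0o700, exist_ok=True)
    fd, staged = tempfile.mkstemp(dir=private_dir, suffix=".apk")  # created 0600
    digest = hashlib.sha256()
    try:
        with os.fdopen(fd, "wb") as dst:
            # O_NOFOLLOW: refuse a symlink planted in the shared directory.
            src_fd = os.open(shared_path, os.O_RDONLY | os.O_NOFOLLOW)
            with os.fdopen(src_fd, "rb") as src:
                # Hash exactly the bytes written to the private copy, so a
                # later overwrite of shared_path cannot change what was checked.
                for chunk in iter(lambda: src.read(65536), b""):
                    digest.update(chunk)
                    dst.write(chunk)
    except OSError:
        os.unlink(staged)
        return None
    if digest.hexdigest() != expected_sha256.lower():
        os.unlink(staged)
        return None
    return staged


def demo():
    """Constructed scenario: the shared file is replaced after download."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared", "update.apk")  # stand-in for public storage
        private = os.path.join(root, "private")  # stand-in for app-private storage
        os.makedirs(os.path.dirname(shared))
        genuine = b"constructed genuine update"
        pinned = hashlib.sha256(genuine).hexdigest()  # assumed: from a trusted manifest
        with open(shared, "wb") as f:
            f.write(genuine)
        staged = stage_and_verify(shared, pinned, private)
        with open(shared, "wb") as f:
            f.write(b"constructed replacement")  # overwrite in shared storage
        with open(staged, "rb") as f:
            staged_intact = f.read() == genuine  # verified copy is unaffected
        rejected = stage_and_verify(shared, pinned, private) is None
        return staged_intact, rejected
```

Verifying the file in place in shared storage would leave a window between the check and the install in which it can still be overwritten, which is why the digest is computed over the bytes written to the private copy.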



References:
https://research.checkpoint.com/androids-man-in-the-disk/