Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Severe vulnerabilities spotted in LG G3, G4, and G5

MWR Labs researchers recently disclosed two high-security vulnerabilities in LG G3, G4, and G5 mobile devices.

The bugs include a Path Transversal flaw and an Arbitrary File Disclosure flaw, according to the respective security advisories.

The Path Transversal flaw was caused by the application not validating that URL parameters did not contain potentially malicious characters and could allow an attacker on the same network as a user to make any media file or folder shareable without authentication or user interaction.

The Arbitrary File Disclosure flaw was caused by the SmartShare.Cloud application launching an unauthenticated HTTP Server listening on all interfaces while connected to a WiFi network and could allow an attacker to retrieve any media file from the Cloud storage of the victim as long as they knew the file name.

Users are encouraged to ensure their devices are updated to the latest versions as Version 2.4.0 has mitigated the issues.

Related

Security concerns curb open source utilization

Open source software utilization has been scaled back by nearly 40% of industry professionals due to security concerns, with more than 50% reducing open source usage following the emergence of the widespread Log4j vulnerability, The Register reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.