Security News Sony Bravia Smart TVs affected by a critical vulnerability

[LASER_oneXM]

Content source

https://securityaffairs.co/wordpress/76907/hacking/sony-bravia-smart-bug.html

Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical.

Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers.
Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, and a command-injection issue) in eight Sony Bravia smart TVs, one of them rated as critical.
Affected Sony Bravia models include R5C, WD75, WD65, XE70, XF70, WE75, WE6 and WF6.

The most severe vulnerability tracked as CVE-2018-16593 is a command-injection flaw that resides in the Sony application Photo Sharing Plus that allows users to share multimedia content from their mobile devices via Sony Smart TVs.
An attacker needs to share on the same wireless network as the Sony TV in order to trigger the vulnerability.

Sony has provided over-the-air patch updated to address the flaws, the fixes need to be approved by the user.

“If your television is set to automatically receive updates when connected to the internet, it should have already been updated. This is the default setting for the affected models.” reads the security advisory published by Sony.

“To verify that your television has been updated, please visit the Downloads section of your model’s product page. Click the Firmware update link for details about how to check the software version. If your television has not already been updated, please follow the instructions to download and install the update.”