PT-2023-29122 · Lg · Install Service

Published: 2023-09-27 · Updated: 2023-10-02 · CVE-2023-44128

CVSS v3.1: 5.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions: LGInstallService (affected versions not specified)

Description: The issue allows an attacker to delete arbitrary files in the LGInstallService app. The app contains an exported service that exposes an AIDL interface, with methods that call the installPackageVerify() method for signature validation after a file deletion method. However, an attacker can manipulate conditions to bypass this security check, resulting in the deletion of an attacker-controlled file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Time Of Check To Time Of Use

Related Identifiers: CVE-2023-44128

Affected Products: Install Service