LG patches security risk for TVs running webOS versions 4 to 7

Mike Wheatley

Certain LG Electronics TV models from 2019 and onwards might be at risk of a serious vulnerability that enables would-be hackers to gain root access to its underlying operating system. If a hacker does this, they would have unlimited access to the TV and its applications, and potentially be able to get up to all kinds of mischief.


A report from the cybersecurity firm Bitdefender said the vulnerability has to do with the webOS operating system, which means that LG’s entire lineup of OLED, QNED and regular LCD TV models are at risk.

Through the system vulnerability, hackers can access user’s account details and potentially obtain payment information linked to that account. They could also hijack the TV and incorporate it into what’s known as a “botnet”, which is a system of hacked, networked devices that are used for ad-click fraud.

Bitdefender said more than 91,000 LG TVs running webOS versions four to seven are susceptible to the vulnerability. It produced a list of the exact software versions which are vulnerable, so anyone whose TV is currently running that software is strongly advised to either update their TV immediately, or disconnect it from the internet until they can.

The following webOS versions were identified to be affected:

  • webOS 4.9.7 - 5.30.40 (LG models from 2019)
  • webOS 5.5.0 - 04.50.51 (LG models from 2020)
  • webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 (LG models from 2021)
  • webOS 7.3.1-43 (mullet-mebin) - 03.33.85 (LG models from 2022)

Bitdefender said it informed LG of the vulnerability back in November 2023 and LG says it issued a fix on April 9. So anyone who has automatic software updates switched on will not need to worry, but those who need to install the software manually can do so by going to Settings > Support > Software Update. As an alternative, users could disconnect the TV from the internet completely and instead use a streaming device such as Chromecast or Apple TV 4K to stream content.

Those who haven’t taken any action yet are strongly advised to do so, as vulnerabilities that provide hackers with access to users’ personal and financial data can have serious consequences.