Alert: Vulnerabilities found in TCL Android TVs

2020-12-06

2020-12-06

 

TCL was recently notified by an independent security researcher of two vulnerabilities in Android TV models. Once TCL received notification, the company quickly took steps to investigate, thoroughly test, develop patches, and implement a plan to send updates to resolve the matter. Updating devices and applications to enhance security is a regular occurrence in the technology industry, and these updates are currently being distributed to all affected Android TV models.

 

TCL takes privacy and security very seriously, and particularly appreciates the vital role that independent researchers play in the technology ecosystem. We wish to thank the security researchers for bringing this matter to our attention as we work to advance the user experience. We are committed to bringing consumers secure and robust products, and we're confident that we're putting in place effective solutions for these devices.

 

FAQ

 

Who discovered these vulnerabilities

The discovery was made by two industry researchers @sickcodes and @johnjhacking.

 

How to fix these vulnerabilities for the affected Android TV set?

The updates are being distributed to all affected Android TV models. Please check and update your sets to the latest firmware to fix the issues.

To ensure your set has the latest firmware, Check the section below to view the instructions on how to check and update your TCL Android TV.

 

When was TCL made aware of these vulnerabilities?

The TCL lab was made aware of the discovery at 11:30am on October 27.  Within hours, the issues had been verified and the security compliance team triggered the vulnerability management response process.  The solution for CVE-2020-27403 began deployment on October 30 via APK upgrade. Updated firmware is being distributed to address CVE-2020-28055.  To ensure your set has the latest firmware, click the section below to view the instructions on how to view the software on your TCL Android TV.

 

How to check and update the firmware of your TCL Android TV

If necessary, follow the step-by-step instruction on how to update the software on your TCL Android TV:

1.Press the Home button on the TCL Android TV remote control to display the Home screen.

2.Use the navigation button to move the cursor to the Settings  icon, located on the right top of the screen, then press OK

3.Scroll and select More Settings. (If there is no "More Settings", go to the next step)

4.Scroll and select Device Preferences. (If there is no "Device Preferences", go to the next step)

5.Scroll and select About

6.Scroll and select System Update

7.The Software Update pop-up box will display, select Network Update

8.The TV will search for an available software update, once prompted, click OK to confirm.

2020-12-06