“SNAP” allows an attacker to run arbitrary JavaScript code on the vulnerable LG devices, according to security researchers from Israeli security firms BugSec and Cynet. This might be easily exploited to allow private data leakage, phishing attacks and/or crash a vulnerable device, say the researchers.

The security flaw is rooted in a bug in one of the pre-installed LG applications, Smart Notice, which exists on every new LG G3 device. That’s why this device – but not other Android smartphone and tablets from other manufacturers, or earlier smartphones from LG – is vulnerable. LG debuted its Smart Notice app with the G3.

Source: Built-in LG smartphone app created data hack risk