Home / vulnerabilities Apple Security Advisory 2016-03-21-3
Posted on 22 March 2016
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
libxml2
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1762
Security
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1783 : Mihai Parparita of Google
WebKit History
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and æÂ?æ?®åÂ? of
æ? 声信æ¯æ??æ?¯PKAV Team (PKAV.net)
Wi-Fi
Available for: Apple TV (4th generation)
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE
v9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl
xA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE
2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M
B+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h
QW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE
4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ
BL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma
Vua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG
ErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr
lNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL
EKY5qeXLPmBhjG354Sz2
=qtHe
-----END PGP SIGNATURE-----