-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.1033
                       Apple TV Software Update 4.4
                              13 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Apple TV
Publisher:        Apple
Operating System: Apple iOS
Impact/Access:    Access Confidential Data        -- Remote with User Interaction
                  Access Privileged Data          -- Remote with User Interaction
                  Provide Misleading Information  -- Remote with User Interaction
                  Unauthorised Access             -- Remote with User Interaction
                  Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2011-3427 CVE-2011-3389 CVE-2011-3259
                  CVE-2011-3232 CVE-2011-0241 CVE-2011-0216
                  CVE-2011-0192  

Reference:        ESB-2011.1032
                  ESB-2011.1026
                  ESB-2011.0749
                  ESB-2011.0314
                  ESB-2011.0277
                  ESB-2011.0276
                  ESB-2011.0275
                  ESB-2011.0244
                  ASB-2011.0071.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4

Apple TV Software Update 4.4 is now available and addresses
the following:

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  Fraudulent certificates were issued by multiple
certificate authorities operated by DigiNotar. This issue is
addressed by removing DigiNotar from the list of trusted root
certificates, from the list of Extended Validation (EV) certificate
authorities, and by configuring default system trust settings so that
DigiNotar's certificates, including those issued by other
authorities, are not trusted.

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  Support for X.509 certificates with MD5 hashes may expose
users to spoofing and information disclosure as attacks improve
Description:  Certificates signed using the MD5 hash algorithm were
accepted by iOS. This algorithm has known cryptographic weaknesses.
Further research or a misconfigured certificate authority could have
allowed the creation of X.509 certificates with attacker-controlled
values that would have been trusted by the system. This would have
exposed X.509-based protocols to spoofing, man-in-the-middle attacks,
and information disclosure. This update disables support for an X.509
certificate with an MD5 hash for any use other than as a trusted root
certificate.
CVE-ID
CVE-2011-3427
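The two trust-policy changes above (distrusting DigiNotar even when cross-signed by another authority, and rejecting MD5 signatures everywhere except on the trust anchor) as an added example, not Apple's code: certificates are plain dicts rather than parsed X.509, anchors are matched by name, and all CA and host names are constructed.

```python
# Added example, not Apple's code: a simplified model of the two trust-policy
# changes above. Certificates are dicts, not parsed X.509; names are made up.
MD5_ALGS = {"md5WithRSAEncryption"}  # OpenSSL long name for the MD5/RSA OID


def validate_chain(chain, trust_anchors, distrusted):
    """Walk a leaf-first chain and return (accepted, reason).

    1. A subject on the distrust list fails wherever it appears, so a
       distrusted CA cross-signed by another root still fails.
    2. MD5 signatures fail on every certificate except the trust anchor,
       whose signature is never verified: its trust comes from the store.
    3. Otherwise each issuer must be the next subject, ending at an anchor.
    """
    for i, cert in enumerate(chain):
        if cert["subject"] in distrusted:
            return False, f"distrusted CA: {cert['subject']}"
        if cert["subject"] in trust_anchors:   # anchors matched by name here;
            return True, "ok"                  # real verifiers match the key
        if cert["sig_alg"] in MD5_ALGS:
            return False, f"MD5 signature on {cert['subject']}"
        if i + 1 == len(chain) or chain[i + 1]["subject"] != cert["issuer"]:
            return False, "chain does not reach a trust anchor"
    return False, "empty chain"


def cert(subject, issuer, sig_alg="sha256WithRSAEncryption"):
    return {"subject": subject, "issuer": issuer, "sig_alg": sig_alg}


# Constructed sample data: a store with the DigiNotar root already removed,
# plus the explicit distrust list the update also installs.
TRUST_STORE = {"Example Root CA"}
DISTRUSTED = {"DigiNotar Root CA", "DigiNotar Public CA"}

# DigiNotar intermediate cross-signed by a root that is still trusted: only
# the distrust list, not the root removal, stops this chain.
CROSS_SIGNED = [
    cert("www.example.test", "DigiNotar Public CA"),
    cert("DigiNotar Public CA", "Example Root CA"),
    cert("Example Root CA", "Example Root CA"),
]
MD5_LEAF = [
    cert("www.example.test", "Example Root CA", "md5WithRSAEncryption"),
    cert("Example Root CA", "Example Root CA"),
]
MD5_ROOT = [
    cert("www.example.test", "Old Root CA"),
    cert("Old Root CA", "Old Root CA", "md5WithRSAEncryption"),
]
```

Run `validate_chain(CROSS_SIGNED, TRUST_STORE, set())` to see that removing the root alone still accepts the cross-signed chain; the same call with `DISTRUSTED` rejects it.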

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  An attacker could decrypt part of an SSL connection
Description:  Only the SSLv3 and TLS 1.0 versions of SSL were
supported. These versions are subject to a protocol weakness when
using block ciphers. A man-in-the-middle attacker could have injected
invalid data, causing the connection to close but revealing some
information about the previous data. If the same connection was
attempted repeatedly the attacker may eventually have been able to
decrypt the data being sent, such as a password. This issue is
addressed by adding support for TLS 1.2.
CVE-ID
CVE-2011-3389

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  Viewing a maliciously crafted TIFF image may result in an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libTIFF's handling of
CCITT Group 4 encoded TIFF images.
CVE-ID
CVE-2011-0192 : Apple

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in ImageIO's handling of
CCITT Group 4 encoded TIFF images.
CVE-ID
CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  A remote attacker may cause a device reset
Description:  The kernel failed to promptly reclaim memory from
incomplete TCP connections. An attacker with the ability to connect
to a listening service on an iOS device could exhaust system
resources.
CVE-ID
CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description:  A one-byte heap buffer overflow existed in libxml's
handling of XML data.
CVE-ID
CVE-2011-0216 : Billy Rios of the Google Security Team

Apple TV
Available for:  Apple TV 4.0 through 4.3
Impact:  An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in JavaScriptCore.
CVE-ID
CVE-2011-3232 : Aki Helin of OUSPG


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----