-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1121
                              Apple TV 5.1.1
                             30 November 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Apple TV
Publisher:        Apple
Operating System: Apple iOS
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                  Access Privileged Data          -- Remote with User Interaction
                  Denial of Service               -- Remote/Unauthenticated      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2012-3749 CVE-2012-3748 

Reference:        ESB-2012.1050
                  ESB-2012.1049.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-11-29-1 Apple TV 5.1.1

Apple TV 5.1.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Compromised applications may be able to determine addresses
in the kernel
Description:  An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing a
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,
and additional anonymous researchers

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description:  A time of check to time of use issue existed in the
handling of JavaScript arrays. This issue was addressed through
additional validation of JavaScript arrays.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
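
The CVE-2012-3749 fix described above ("unsliding the addresses before returning them"), sketched as an added example; this is not Apple's code. It assumes simplified 32-bit Mach-O structures declared locally, and the names unslide_headers and build_sample, the slide value and the sample addresses are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Minimal 32-bit Mach-O layouts, declared locally so the example builds anywhere. */
#define MH_MAGIC   0xfeedfaceu
#define LC_SEGMENT 0x1u
struct mach_header { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct load_command { uint32_t cmd, cmdsize; };
struct segment_command { uint32_t cmd, cmdsize; char segname[16];
    uint32_t vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags; };
struct section { char sectname[16], segname[16];
    uint32_t addr, size, offset, align, reloff, nreloc, flags, reserved1, reserved2; };
static void unslide32(uint8_t *p, uint32_t slide) {   /* alignment-safe in-place rewrite */
    uint32_t v; memcpy(&v, p, sizeof v); v -= slide; memcpy(p, &v, sizeof v);
}
/* Unslide every segment/section address in a COPY of the headers; -1 = malformed, drop it. */
int unslide_headers(uint8_t *buf, size_t len, uint32_t slide) {
    struct mach_header mh; struct load_command lc; struct segment_command sg; int fixed = 0;
    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC || mh.sizeofcmds > len - sizeof mh) return -1;
    size_t off = sizeof mh, end = off + mh.sizeofcmds;
    for (uint32_t i = 0; i < mh.ncmds; i++, off += lc.cmdsize) {
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1;
        if (lc.cmd != LC_SEGMENT) continue;            /* only segments carry addresses here */
        if (lc.cmdsize < sizeof sg) return -1;
        memcpy(&sg, buf + off, sizeof sg);
        if (sg.nsects > (lc.cmdsize - sizeof sg) / sizeof(struct section)) return -1;
        unslide32(buf + off + offsetof(struct segment_command, vmaddr), slide);
        for (uint32_t s = 0; s < sg.nsects; s++)       /* sections follow the segment command */
            unslide32(buf + off + sizeof sg + s * sizeof(struct section)
                      + offsetof(struct section, addr), slide);
        fixed += 1 + (int)sg.nsects;
    }
    return fixed;
}
/* Constructed sample: one slid __TEXT segment with one __text section (values made up). */
size_t build_sample(uint8_t *buf, uint32_t slide) {
    struct segment_command sg = { LC_SEGMENT, (uint32_t)(sizeof sg + sizeof(struct section)),
        "__TEXT", 0x80001000u + slide, 0x1000, 0, 0, 5, 5, 1, 0 };
    struct section sc = { "__text", "__TEXT", 0x80001200u + slide, 0x100 };
    struct mach_header mh = { MH_MAGIC, 12, 9, 11, 1, sg.cmdsize, 0 };
    memcpy(buf, &mh, sizeof mh);
    memcpy(buf + sizeof mh, &sg, sizeof sg);
    memcpy(buf + sizeof mh + sizeof sg, &sc, sizeof sc);
    return sizeof mh + sg.cmdsize;
}
```

The rewrite is applied to the copy that leaves the kernel, never to the live headers, and a -1 result means the copy may be partially rewritten and must not be returned.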

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----