Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.1060
Apple TV 6.1.2
1 July 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apple TV
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Root Compromise -- Remote with User Interaction
Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote with User Interaction
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2014-1731 CVE-2014-1383 CVE-2014-1382
CVE-2014-1368 CVE-2014-1367 CVE-2014-1366
CVE-2014-1365 CVE-2014-1364 CVE-2014-1363
CVE-2014-1362 CVE-2014-1361 CVE-2014-1359
CVE-2014-1358 CVE-2014-1357 CVE-2014-1356
CVE-2014-1355 CVE-2014-1343 CVE-2014-1342
CVE-2014-1341 CVE-2014-1339 CVE-2014-1338
CVE-2014-1337 CVE-2014-1336 CVE-2014-1335
CVE-2014-1334 CVE-2014-1333 CVE-2014-1331
CVE-2014-1330 CVE-2014-1329 CVE-2014-1327
CVE-2014-1326 CVE-2014-1325 CVE-2014-1323
CVE-2013-2927 CVE-2013-2875
Reference: ASB-2014.0057
ESB-2014.1059
ESB-2014.1057
ESB-2014.0792
ESB-2014.0657
ASB-2013.0114
ASB-2013.0083
ESB-2013.1530
ESB-2013.0994
ESB-2014.1058.2
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-06-30-4 Apple TV 6.1.2
Apple TV 6.1.2 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An application could cause the device to unexpectedly
restart
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An iTunes Store transaction may be completed with
insufficient authorization
Description: A signed-in user was able to complete an iTunes Store
transaction without providing a valid password when prompted. This
issue was addressed by additional enforcement of purchase
authorization.
CVE-ID
CVE-2014-1383
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTsaLGAAoJEBcWfLTuOo7tgDkQAISO0VZeghUvKSWSJfPC7mlW
g8jGo58zwkZmjNcd0V907jHlK2UdNtHrV9SSvhvrYWhfVezoVrvg1EMciDMtdlxp
KHvAiCmiHJbs2NL3qrJSxjBZQfsovs1k0ju1MLAtiPjnNjzRLra01ww+IKjMK3j6
FldfDXFT5Fhag2qcyH4NuI/BNb2rKSxHp7F2A64e3aKR00DKmyOGXpF9fIZes37P
OqYWYRKfJ+sXMI8AOP/V++SuZ0SiUhSRKX8nSF0bNu1qpG9TvsBcZOjDigN0JMZg
8aD7be8KBs9vjSuRAG96q0fkf1ePN4MUIpe+uTHE2LJbOphvoKwYoSthfFc8KQ18
x9dVbHNd9Kfhqg5Gf10yr+a6pyxFMjTWEjs3UtDGQw8ZLUdggHtyqZHLVsszNgmA
m+LK6sQSWn11uiCu8R0dYwcd0MKwZUM+WrGauO/V7GrhnnbTmI1fRKT6VV583obh
e3zFt2zvvIPcC7SCtRp1hMSAqtVEWWUFS++6sfpnWTYfXaN6XZmg3dIjDUp5hKa7
+ilRNeewFKOH/kXm+UWcIwzw3SMSAIsfOKkoDvf0/N7/0MfEyDN3wt5E2mXb3M2B
Co5elfxqaJGMwZPBxpdWzUmNHrvVnFwWXn2Bsuo+lah6S/GLRajKnLxiJBJwXZWq
HesVEEK6hJjPBlUEY9a5
=b7jD
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU7IvdhLndAQH1ShLAQKpQQ//RdOHNgGtO0zF/VW3OLCu9x+G4rOvEwdq
eIHaMwb0Rm5IgMpaTnEkW1Bv+q4k56WVk4W2E1WZJdc9WKH7iozcSF7TuqeVfVgx
joZgoxKQ67QpM1PuBRbjYuCnc7V+rzl5AeLRdZQFk4kk3Elq4p+NwZpVuGW4EiRS
c4+kWXBPn3C32LLvo5eXGEpKjqABZjgRpmiem9+5jyuH8ZbMMa5/9TGaKLzmRdcO
jmLyxLTlYfzh3xXd4PRjm1Zjv+JFEc31PBoxQ/0rMSk8HQK7u9m8B3DB/m1Sadvg
jRexU10psdA4d06PFFAlQxdrqtXY8q5LBNcIH+qSmzorDqGAQwfpl8EpoDh8cHLZ
DatuHCAUcGoSHfQ73izayFrWM1ggg0wEpPNyFwfKq0PBycj/S5O56Kh9FqVWUFgl
iho302kZoKlx8AFxvU/nB8w2zt2gNlhz8BxnIl2Bb/mGW6eZ8S9xKUVLmsNzfsUi
UvjRHuowJzn42jie4DihBtUrN039vEv5Czo2SmyIenb2b1J2nTNCUzL/tdByU4Gh
FSxJiEn8Dj3r16Rtdxh9N9R5imQskY5t7aKBlwtutfU24yXeqQjpGbhj7evUqc0l
QnV4CDACHPJcR1QUetkacPqOpqGW23Gf+r1KFEHeOPjqwm7HbGyt+5hp/ci+Ni87
fXywnuIYQIA=
=1NCG
-----END PGP SIGNATURE-----