-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1060
                               Apple TV 6.1.2
                                 1 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple TV
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise         -- Remote with User Interaction
                   Access Privileged Data  -- Remote/Unauthenticated
                   Denial of Service       -- Remote with User Interaction
                   Reduced Security        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-1731 CVE-2014-1383 CVE-2014-1382 CVE-2014-1368
                   CVE-2014-1367 CVE-2014-1366 CVE-2014-1365 CVE-2014-1364
                   CVE-2014-1363 CVE-2014-1362 CVE-2014-1361 CVE-2014-1359
                   CVE-2014-1358 CVE-2014-1357 CVE-2014-1356 CVE-2014-1355
                   CVE-2014-1343 CVE-2014-1342 CVE-2014-1341 CVE-2014-1339
                   CVE-2014-1338 CVE-2014-1337 CVE-2014-1336 CVE-2014-1335
                   CVE-2014-1334 CVE-2014-1333 CVE-2014-1331 CVE-2014-1330
                   CVE-2014-1329 CVE-2014-1327 CVE-2014-1326 CVE-2014-1325
                   CVE-2014-1323 CVE-2013-2927 CVE-2013-2875
Reference:         ASB-2014.0057 ESB-2014.1059 ESB-2014.1057 ESB-2014.0792
                   ESB-2014.0657 ASB-2013.0114 ASB-2013.0083 ESB-2013.1530
                   ESB-2013.0994 ESB-2014.1058.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-4 Apple TV 6.1.2

Apple TV 6.1.2 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An application could cause the device to unexpectedly restart
Description:  A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary code
with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary code
with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary code
with system privileges
Description:  An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary code
with system privileges
Description:  An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Two bytes of memory could be disclosed to a remote attacker
Description:  An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was addressed
by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2014-1731 : an anonymous member of the Blink development community

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An iTunes Store transaction may be completed with insufficient
authorization
Description:  A signed-in user was able to complete an iTunes Store
transaction without providing a valid password when prompted. This
issue was addressed by additional enforcement of purchase authorization.
CVE-ID
CVE-2014-1383

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTsaLGAAoJEBcWfLTuOo7tgDkQAISO0VZeghUvKSWSJfPC7mlW
g8jGo58zwkZmjNcd0V907jHlK2UdNtHrV9SSvhvrYWhfVezoVrvg1EMciDMtdlxp
KHvAiCmiHJbs2NL3qrJSxjBZQfsovs1k0ju1MLAtiPjnNjzRLra01ww+IKjMK3j6
FldfDXFT5Fhag2qcyH4NuI/BNb2rKSxHp7F2A64e3aKR00DKmyOGXpF9fIZes37P
OqYWYRKfJ+sXMI8AOP/V++SuZ0SiUhSRKX8nSF0bNu1qpG9TvsBcZOjDigN0JMZg
8aD7be8KBs9vjSuRAG96q0fkf1ePN4MUIpe+uTHE2LJbOphvoKwYoSthfFc8KQ18
x9dVbHNd9Kfhqg5Gf10yr+a6pyxFMjTWEjs3UtDGQw8ZLUdggHtyqZHLVsszNgmA
m+LK6sQSWn11uiCu8R0dYwcd0MKwZUM+WrGauO/V7GrhnnbTmI1fRKT6VV583obh
e3zFt2zvvIPcC7SCtRp1hMSAqtVEWWUFS++6sfpnWTYfXaN6XZmg3dIjDUp5hKa7
+ilRNeewFKOH/kXm+UWcIwzw3SMSAIsfOKkoDvf0/N7/0MfEyDN3wt5E2mXb3M2B
Co5elfxqaJGMwZPBxpdWzUmNHrvVnFwWXn2Bsuo+lah6S/GLRajKnLxiJBJwXZWq
HesVEEK6hJjPBlUEY9a5
=b7jD
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU7IvdhLndAQH1ShLAQKpQQ//RdOHNgGtO0zF/VW3OLCu9x+G4rOvEwdq
eIHaMwb0Rm5IgMpaTnEkW1Bv+q4k56WVk4W2E1WZJdc9WKH7iozcSF7TuqeVfVgx
joZgoxKQ67QpM1PuBRbjYuCnc7V+rzl5AeLRdZQFk4kk3Elq4p+NwZpVuGW4EiRS
c4+kWXBPn3C32LLvo5eXGEpKjqABZjgRpmiem9+5jyuH8ZbMMa5/9TGaKLzmRdcO
jmLyxLTlYfzh3xXd4PRjm1Zjv+JFEc31PBoxQ/0rMSk8HQK7u9m8B3DB/m1Sadvg
jRexU10psdA4d06PFFAlQxdrqtXY8q5LBNcIH+qSmzorDqGAQwfpl8EpoDh8cHLZ
DatuHCAUcGoSHfQ73izayFrWM1ggg0wEpPNyFwfKq0PBycj/S5O56Kh9FqVWUFgl
iho302kZoKlx8AFxvU/nB8w2zt2gNlhz8BxnIl2Bb/mGW6eZ8S9xKUVLmsNzfsUi
UvjRHuowJzn42jie4DihBtUrN039vEv5Czo2SmyIenb2b1J2nTNCUzL/tdByU4Gh
FSxJiEn8Dj3r16Rtdxh9N9R5imQskY5t7aKBlwtutfU24yXeqQjpGbhj7evUqc0l
QnV4CDACHPJcR1QUetkacPqOpqGW23Gf+r1KFEHeOPjqwm7HbGyt+5hp/ci+Ni87
fXywnuIYQIA=
=1NCG
-----END PGP SIGNATURE-----
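The Apple entries in the included text above follow a fixed layout (a component line, then "Available for:", "Impact:", "Description:" and a "CVE-ID" block with credits), and the AusCERT summary repeats the whole CVE set in its "CVE Names:" field. The Python below is an added example, not code from AusCERT or Apple: it parses that layout into records and reports any CVE that the summary lists but no entry credits (or the reverse), a quick consistency check when a bulletin like this one is fed into a vulnerability tracker. The sample header and entries are constructed from this bulletin's text, with CVE-2014-1357 deliberately kept in the sample summary but left out of the sample body so the check has something to flag; the function and field names are my own.

```python
"""Added example: parse Apple advisory entries (as redistributed in an AusCERT
ESB bulletin) and cross-check the summary's 'CVE Names:' field against the
CVE-IDs the entries credit.  Sample text below is constructed from the page."""
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class Entry:
    component: str                  # e.g. "Apple TV"
    available_for: str = ""
    impact: str = ""
    description: str = ""
    cves: dict = field(default_factory=dict)   # CVE-ID -> credit string


def parse_block(block):
    """One blank-line-delimited block -> Entry, or None if it is not an entry.
    Layout: component line, 'Available for:', 'Impact:', 'Description:' (the
    last two may wrap), then 'CVE-ID' and one 'CVE-... : credit' per line."""
    lines = block.strip().splitlines()
    if len(lines) < 2 or not lines[1].startswith("Available for:"):
        return None
    entry, current = Entry(component=lines[0].strip()), None
    for line in lines[1:]:
        if line.startswith("Available for:"):
            entry.available_for, current = line.split(":", 1)[1].strip(), None
        elif line.startswith("Impact:"):
            entry.impact, current = line.split(":", 1)[1].strip(), "impact"
        elif line.startswith("Description:"):
            entry.description, current = line.split(":", 1)[1].strip(), "description"
        elif line.strip() == "CVE-ID":
            current = "cve"
        elif current == "cve":
            m = CVE_RE.match(line.strip())
            if m:  # the credit is optional: a bare 'CVE-2014-1383' line is valid
                entry.cves[m.group()] = line.split(":", 1)[1].strip() if ":" in line else ""
        elif current in ("impact", "description"):  # wrapped continuation line
            setattr(entry, current, getattr(entry, current) + " " + line.strip())
    return entry


def parse_entries(body):
    return [e for e in map(parse_block, re.split(r"\n\s*\n", body)) if e]


def summary_cves(header):
    """CVE-IDs from the AusCERT 'CVE Names:' field; continuation lines are indented."""
    cves, capturing = set(), False
    for line in header.splitlines():
        if line.startswith("CVE Names:"):
            capturing = True
        elif capturing and not line.startswith((" ", "\t")):
            capturing = False
        if capturing:
            cves.update(CVE_RE.findall(line))
    return cves


def reconcile(header, body):
    """Return (entries, listed but not credited, credited but not listed)."""
    entries = parse_entries(body)
    credited = {c for e in entries for c in e.cves}
    listed = summary_cves(header)
    return entries, listed - credited, credited - listed


# Constructed sample: a cut-down summary and two entries taken from the
# bulletin, plus CVE-2014-1357 listed without an entry so the check fires.
SAMPLE_HEADER = """\
Product:           Apple TV
CVE Names:         CVE-2014-1383 CVE-2014-1357
                   CVE-2014-1355
Reference:         ESB-2014.1059
"""

SAMPLE_BODY = """\
Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An application could cause the device to unexpectedly restart
Description:  A null pointer dereference existed in the handling of
IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An iTunes Store transaction may be completed with insufficient
authorization
Description:  A signed-in user was able to complete an iTunes Store
transaction without providing a valid password when prompted.
CVE-ID
CVE-2014-1383
"""

if __name__ == "__main__":
    entries, missing, extra = reconcile(SAMPLE_HEADER, SAMPLE_BODY)
    for e in entries:
        print(sorted(e.cves), "|", e.impact)
    print("listed but not credited:", sorted(missing))
    print("credited but not listed:", sorted(extra))
```

Splitting on blank lines is what makes the parser robust to the wrapped "Impact:" and "Description:" lines in Apple's format; blocks that do not have "Available for:" on their second line (the preamble, the installation note, the signature) are simply skipped rather than mis-parsed.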