Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.3072
tvOS 9.1
9 December 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apple TV
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Root Compromise -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-7112 CVE-2015-7111 CVE-2015-7110
CVE-2015-7109 CVE-2015-7105 CVE-2015-7104
CVE-2015-7103 CVE-2015-7102 CVE-2015-7101
CVE-2015-7100 CVE-2015-7099 CVE-2015-7098
CVE-2015-7097 CVE-2015-7096 CVE-2015-7095
CVE-2015-7084 CVE-2015-7083 CVE-2015-7079
CVE-2015-7075 CVE-2015-7074 CVE-2015-7073
CVE-2015-7072 CVE-2015-7068 CVE-2015-7066
CVE-2015-7065 CVE-2015-7064 CVE-2015-7062
CVE-2015-7061 CVE-2015-7060 CVE-2015-7059
CVE-2015-7058 CVE-2015-7055 CVE-2015-7054
CVE-2015-7053 CVE-2015-7051 CVE-2015-7048
CVE-2015-7047 CVE-2015-7046 CVE-2015-7045
CVE-2015-7043 CVE-2015-7042 CVE-2015-7041
CVE-2015-7040 CVE-2015-7039 CVE-2015-7038
CVE-2015-7001 CVE-2015-3807 CVE-2011-2895
Reference: ESB-2015.2114
Original Bulletin:
https://support.apple.com/en-au/HT205640
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-2 tvOS 9.1
tvOS 9.1 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: Apple TV (4th generation)
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Compression
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
Configuration Profiles
Available for: Apple TV (4th generation)
Impact: A local attacker may be able to install a configuration
profile without admin privileges
Description: An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074
CVE-2015-7075 : Apple
Disk Images
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero
dyld
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
ImageIO
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
Keychain Access
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: Apple TV (4th generation)
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was addressed by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
Sandbox
Available for: Apple TV (4th generation)
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: Apple TV (4th generation)
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: Apple TV (4th generation)
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
WebKit
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
CVE-2015-7104 : Apple
WebKit
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZ0h6AAoJEBcWfLTuOo7tyYwP/0PVcJ9ykd+f8Lv9xZhfAT0t
RhWFRFypSVM2QK5FniUTuXUJzbltCe5dSpzsijljHg+ArWZo3n1uk4qV8ePSBruT
q9g8wLuy2Af1GIaFi0dle4EVrNyilzeYgLXnTc4QSZpmGgEBb6BMQGWV4WlQ0F1K
QznutibAHxLx03kjZ0rjkkDRGm11ZgWOxGpLYRyHz9FflLM3kywWeyP/3BTjqxhe
TL7zmgEHkKUoE9sJtx1sJxsImgLPCCyZxtIiaUAd1oW1Qw8wn9yqdXIPaKxc/mGV
toSIDyNTEDvn6nBHp9maBnA0jpX+f4un5h3fD/6JphxqFLqkQa6cvoNmicxLNE+4
uPxYdpzwEGfSWnVlaeSfi3cjJVeGvUs0dBSRVjSqJHDJsFowftM/e3WcDWFRNLbq
8bz8ty19wjsPzt/pzpTyRHbehqarwQPj3HJgSd01t3mWVEfhUHXiBnRqNtgcMmyp
oJ9FGCZs1+4uuH48tmZMj/cO9EA9RsjmqeeoSyuwH6aRIp4iI/qraF9VOilyzq4F
/jwCTlOQLU9lORcdDKYKhWef/MrSeAP3f5VQXlnneuyCDjlSngplOvPaS0fJhnzg
+J+HJe4a5B6SxSDuQfGTelkoukWOmDTWmUbS884oMRjKlSjIiJXQtUlby64Z74w2
i9h0XMH2VsnIEt6QHnAd
=rqk9
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVme7Yn6ZAP0PgtI9AQLDjBAApPPRM9gGXnB5rsctkx0D0HAxmJGu6ZTY
KV+iIgOGsFndluojPj3C49tZdyaC0nskzWLhEGKN7Iyg5gI7N5CusCVz1OGja7mx
VsGsXgF9RT89djcAkhqvDEvaSArteDYPzJuWa1YFD/6yOL5+ohrSNJUuONg/94mG
BvXc1sh2mX5EpUHSaLanwSMNnPdZB0WJnSjzdhZYAD4yf7JIs9Cl2I95jYuMWzNv
e4HjpqXRuaHtYHZKeVB1L4xsMvAHTQqD1THW8iyRkZxN8zPdLNA2HMWz77Zk11Uz
RVXgtsSS3hV2lJuH31nZRL8UKaVcIlTb8LsusywtlexCaL+sWuBh2n07hldEKbGH
h8cyiLmABvb5R0O8lea1+DNH3oD+jMXytkpAcelXYd1g7KK6L/srcv9hucdc2nA7
3gbP2cLsgzrt95Y+RS/coUBBZQUNoT2NWfI7MslYZlll5j9xPik+ekV58B+2hI7O
HypIY8DI1GfLeH3jLYPMobNAASC73uWXEMYaL9Bn9TQBOCe9IcYQxqb46BQ1vPVM
nH4CQFJKX0Ojh/yoq3SuMZ1RM3thHosrlwbGkst8mrN7whqKLYEuX3EzaowAWBSW
yyj1vt9yXDH5PNr75Ty2XqTPSKmZpSyTiSoKBTUQYE2a8SqEu2RfFtasKn3hysKj
GT8HpLLm5PE=
=1O3G
-----END PGP SIGNATURE-----