Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2216 tvOS 10 21 September 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tvOS Publisher: Apple Operating System: Apple iOS Impact/Access: Root Compromise -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-5131 CVE-2016-4778 CVE-2016-4777 CVE-2016-4776 CVE-2016-4775 CVE-2016-4774 CVE-2016-4773 CVE-2016-4772 CVE-2016-4768 CVE-2016-4767 CVE-2016-4766 CVE-2016-4765 CVE-2016-4759 CVE-2016-4753 CVE-2016-4738 CVE-2016-4737 CVE-2016-4735 CVE-2016-4734 CVE-2016-4733 CVE-2016-4730 CVE-2016-4728 CVE-2016-4726 CVE-2016-4725 CVE-2016-4718 CVE-2016-4712 CVE-2016-4708 CVE-2016-4702 CVE-2016-4658 CVE-2016-4611 Reference: ASB-2016.0077 Original Bulletin: https://support.apple.com/en-au/HT207142 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2016-09-20-6 tvOS 10 The tvOS 10 advisory has been released to describe the entries below: Audio Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: an anonymous researcher Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: Apple TV (4th generation) Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A parsing issue existed in the handling of error prototypes. This was addressed through improved validation. CVE-2016-4728: Daniel Divricean Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4611: Apple CVE-2016-4730: Apple CVE-2016-4734: Natalie Silvanovich of Google Project Zero CVE-2016-4735: André Bargull CVE-2016-4737: Apple CVE-2016-4759: Tongbo Luo of Palo Alto Networks CVE-2016-4766: Apple CVE-2016-4767: Apple CVE-2016-4768: Anonymous working with Trend Micro's Zero Day Initiative Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management. CVE-2016-4733: Natalie Silvanovich of Google Project Zero CVE-2016-4765: Apple Entry added September 20, 2016 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software. To check the current version of software, select "Settings -> General -> About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV+H0Q4x+lLeg9Ub1AQh4hxAAlc2W+yqPJJm2UfRFJhec2s1V2ArreR/a LpcTpmtvDhFgCRtq9jYCL1j5/I3eZKhuWMo0Mtp4LOl3Gjlzurn63r0H9n6JVBsU 5uKXf8zJRG9PRCcjnj+W0Qs8RZ9dwNTjrAYT/MeOjhKx+Mrk6MO2D5ddXdT7FR5d ZcPE+fyVo1bZ2bF80cscVXb3JJ9lE56EJA+H5M7AGbWNZaefnjehG0WnRDkkWq8N MZQT0TZhZR0NboFgCwgUHywMXXlTGSrT6lxN5pB3IkR9kX9Wt5wfkQeSIUT8SrmQ w7W606lhmEr35vp5r5MuFFfsb8dsUaDP7W/7H7DLPmPiI9i0r5mI0myzZRr/Az+D XJfQGkTJyjVS39I616dyRj1DnD209cC28DJ9vnG2DJm6dfK5RPYKcqtNx6vHCARt lKO3RIWmCTcf75ViR1Ygf8nFCMDAYU4jxCDkEB6JUtw/h11BP1kW7G9LGDxmxcLG EbwzDuX+WL1YVVJVjKczMplPrpAw4OeIGlE3eVQI1+1OEOqAj+GduKI0qcsHdRU/ dkwyJVxlQ9zq4uOZf5xPkDZf8wsIbZNjtswyoQZ5WU/JDVj0A8aGe9H0TRzPqBF9 tWyrf0ipWm6AgDaToCvZmASAnxE0xgj+pgcbGnRpGoQ0b8O0advTu1USrQa1Oaoa 1lWFtP2UXWU= =+Khn -----END PGP SIGNATURE-----