Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.0989 APPLE-SA-2019-3-25-3 tvOS 12.2 26 March 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tvOS Publisher: Apple Operating System: Apple iOS Impact/Access: Root Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Cross-site Scripting -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-8563 CVE-2019-8562 CVE-2019-8559 CVE-2019-8558 CVE-2019-8556 CVE-2019-8553 CVE-2019-8552 CVE-2019-8551 CVE-2019-8549 CVE-2019-8545 CVE-2019-8544 CVE-2019-8542 CVE-2019-8540 CVE-2019-8536 CVE-2019-8535 CVE-2019-8530 CVE-2019-8527 CVE-2019-8524 CVE-2019-8523 CVE-2019-8518 CVE-2019-8517 CVE-2019-8516 CVE-2019-8515 CVE-2019-8514 CVE-2019-8510 CVE-2019-8506 CVE-2019-8503 CVE-2019-8502 CVE-2019-7293 CVE-2019-7292 CVE-2019-7286 CVE-2019-7285 CVE-2019-6237 CVE-2019-6207 CVE-2019-6201 Reference: ESB-2019.0987 ESB-2019.0986 ESB-2019.0389 ESB-2019.0388 Original Bulletin: https://support.apple.com/en-au/HT209601 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher file Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Foundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Gross of Google Project Zero GeoServices Available for: Apple TV 4K and Apple TV (4th generation) Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Gross of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Power Management Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Siri Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Caraba of University POLITEHNICA of Bucharest, and Razvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-8551: Ryan Pickren (ryanpickren.com) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Gross of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Gross of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. This was addressed with improved input validation. CVE-2019-8515: James Lee (@Windowsrcer) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Gross of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Sarud of Detectify WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team XPC Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXJmtJ2aOgq3Tt24GAQir+xAAm2Dc/DAQzdwNiXI50LLXOAPB12spg5pc J1xWo4mr6suq6nHvmpLfp8chLuFyeIMFGLT5H5Rn1MfZvF1RQZJYQSrso3sPTlSt HNnEyJHQqVC+huNIsFGq5DU1ZZBGr/sBp6L5b3HZOtofmtpAuQ0BVh3vU7kIBEQn cmypcwrCzSO0olz7lXHcqxy8FM6dfaJ227kh7/yUADQ7IX7tHqum8tFFt7ud5uzE MuvIavgOfZqlcCNsNIt5jPMs9Gq9LJauVHo5yWUOFUOoB0icGKxvYzJ5E7BJOyaw GjPIgE2aFEpAOlXkF8dx3vsEJIKyhJOQlAvp6HHK41694Yg4ODR5Hluv1pWfuIKl fpGD52XEFKG5QncU/Y22MqxHC3zzHMylPBzOOwRjMadfr8Mkmslhxn+lgCoO7rh4 Lmn7SOYafe5Ju1bkVwfFQsrCGzAyuqYCxmxiMBaYAGxbmv/Gc1Ag+Z+gTaIbysTR 6MNmZ145NOzj4qOG6CRRYJN6gNasrw3c5clsm0HwNnF6S9JzlSnMPFdFKzSslIKR c4FME+m1lSaeSJut7PdlcRxpzba6Q2TavtpgIgPqpjuppE200xEoSDStoYIq6a/a P3mNdPCL7tUN8dgOrBv2lYvpCPiRla/s2E5IEYjMtLCPrwcB+ioV6S9nT0Uq+UwQ es+K4exftVE= =sCCb -----END PGP SIGNATURE-----