Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious local application could cause an unexpected
system termination
Description: A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An unauthorized process may modify the set of loaded kernel
extensions
Description: An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1011
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSPKFKAAoJEPefwLHPlZEwbNcP/352LQ8RLNL4kdQN7HkNV4lE
F4r9LGM+SUyUHaXO/mUDGZxodhsLYdEVPZ9gYAkecbxqYBRw8vHiXtRHIwMdl92I
OWIAtr5Zbd55Dv9hH7SvC9ji4bA+I+8AScVZkkXIresh8fRlkID/KxM9Z8ImgVpz
b3pmFAfI35VaEdsefjX32f9p9SAEq58qi+59LVVjwnMu1/29zbvQlVatYz5+ISaz
LiBIV8zCpeDiaa3M+VmHQFR8CRjlDHinEs55wlFsKITQ29iABAO4hHQJg5+djPwo
tWZo6nVEuMhbwTL9xHKFriwmsio17Ky/qdJu1+c6nBfz/Wu2SqqtgwQTJXgOEU6N
G7N3bvLpaTE7rtPRmeFrXg79wfKVGgwu1OwYvTDnMQ7VcI9Oal2akSBDzEMHXHVN
wvUDbXAU2Ya+Ii46kgm5Xbbhr4yw2ckbuY7/b4w7S1iPFLGgk29vQK0wazF8yj/E
yoPLWgTUgQLwWldvxHX/XcOTSXAlf2tOvWz257DMqoqT8brQ6a5CjAvTDHRRRFau
pOkzb3hV/C4Rx/8L+O/NVYLH4RmWhyjqfzKLvIYGTM1w8AoBKqvNcUitlwDMQTyw
d9dhdaD6WbqOh9SC4qj3Nr6LijRr4Elgp+HUBlBmvnanS26zUsynXRYy1bvnJ3Po
Xp07MGtHmSPNt4ShV2XP
=G8s7
-----END PGP SIGNATURE-----