Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30552
HistoryMay 04, 2014 - 12:00 a.m.

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

2014-05-0400:00:00
vulners.com
37
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Apple TV 6.1.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the
connection to close before the security settings were sent, and then
obtain the value of the unprotected cookie. This issue was addressed
by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris

Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object
could be retrieved from userland. This issue was addressed through
removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an
attacker to establish two connections which had the same encryption
keys and handshake, insert the attacker's data in one connection, and
renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was
changed so that, by default, a renegotiation must present the same
server certificate as was presented in the original connection.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and
Alfredo Pironti of Prosecco at Inria Paris

Appel TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVeuDAAoJEPefwLHPlZEwi1gQAKQn8w9zSwYjMTj7wLrucXdc
19j5H2gpJUZOc+banSg49DKorF+rJY7EF+cL2FzYC93aYa4E+LMXNpgl/xbiNKSZ
O8RxAGs/6YlgT6iU/kHjx5CX+g4whFBVx56QlPv3CUFGwa1XSv5CdXqjGZANgkHz
uTWxI6E2avi5uMUnyAuVcNDaq50rUxkCzSFDvdkCOAhWkeicR0QsYXq82W6mo6p9
rEueQ9KjM8hZEsGc6stBdXCsd7Thk3eHhQS/OasPz8GLUoc213goqmjaSPRQFRlS
Ya6YDLtyY0OdL2wNeiSC33EBhoPCjCbyMUFD2iLDZNblMwRa21MhlDXVSOaF03/8
QHeLacDY1+poax0e+VxZukhyDNNXjtOgCkd9kx86/vyinb/GqOKm+6tkaSriusc8
ImWorSbb32EfmSXIGnDL1TzTDES/UigOU6zgwappGH/DS9djHQxVFZ++N+WaVBiX
dhFPLNjKB8yWXBnHb95UzKJuWU0h13rkE9FlsGkSGxeZJRGPrvK/K4XAIviqU1yc
YePX4MY8yywD4jg74QrsZRLgkfn3N/T5LCsC3KD4ejrIkvLxui3hqRGVOK7Vdssk
F43/4FKOXk46s3xIuwlYcLuwCyLyisxrVawAsf8R6ReadKlmch2fJrnG9YqKZwki
74O1bqU5Zc80vDx+/x2O
=sFDM
-----END PGP SIGNATURE-----

Related

securityvulns 17
nessus 27
openvas 22
thn 1
cve 19
ubuntucve 14
seebug 10
prion 19
zdi 4
debiancve 2
checkpoint_advisories 1
zdt 1
exploitpack 1
exploitdb 1
threatpost 2
freebsd 2
chrome 3
mageia 2
suse 1
osv 2
debian 4
gentoo 2
securityvulns
securityvulns
Apple TV multiple security vulnerabitilies
2014-05-04 00:00:00
APPLE-SA-2014-04-22-2 iOS 7.1.1
2014-05-04 00:00:00
Apple iOS multiple security vulnerabilities
2014-05-04 00:00:00
nessus
nessus
Apple TV < 6.1.1 Multiple Vulnerabilities
2014-05-29 00:00:00
Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
2014-04-10 00:00:00
Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
2014-04-02 00:00:00
openvas
openvas
Apple Safari Multiple Memory Corruption Vulnerabilities-02 (Apr 2014) - Mac OS X
2014-04-07 00:00:00
Apple Safari Multiple Memory Corruption Vulnerabilities-01 (Apr 2014) - Mac OS X
2014-04-07 00:00:00
Apple Mac OS X Multiple Vulnerabilities-03 (Nov 2016)
2016-11-17 00:00:00
thn
thn
Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities
2014-04-02 22:43:00
cve
cve
CVE-2014-1299
2014-04-02 16:17:00
CVE-2014-1298
2014-04-02 16:17:00
CVE-2014-1296
2014-04-23 11:52:00
ubuntucve
ubuntucve
CVE-2014-1298
2014-04-02 00:00:00
CVE-2014-1299
2014-04-02 00:00:00
CVE-2013-2871
2013-07-10 00:00:00
seebug
seebug
WebKit内存破坏漏洞(CVE-2014-1298)
2014-04-04 00:00:00
WebKit内存破坏漏洞(CVE-2014-1299)
2014-04-04 00:00:00
Apple Safari任意代码执行漏洞
2014-03-27 00:00:00
prion
prion
Memory corruption
2014-04-02 16:17:00
Design/Logic Flaw
2014-04-23 11:52:00
Design/Logic Flaw
2014-04-23 11:52:00
zdi
zdi
(Pwn2Own\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability
2014-05-02 00:00:00
(Pwn2Own\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability
2014-04-11 00:00:00
(Pwn2Own) Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability
2014-04-11 00:00:00
debiancve
debiancve
CVE-2013-2871
2013-07-10 10:55:00
CVE-2014-1713
2014-03-16 14:06:00
checkpoint_advisories
checkpoint_advisories
Google Chrome locationAttributeSetter Use After Free (CVE-2014-1713)
2014-09-11 00:00:00
zdt
zdt
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Exploit
2018-03-01 00:00:00
exploitpack
exploitpack
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
2017-08-19 00:00:00
exploitdb
exploitdb
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
2017-08-19 00:00:00
threatpost
threatpost
Google Patches Four Pwn2Own Bugs in Chrome 33
2014-03-17 11:24:53
Google Fixes 17 Flaws in Chrome 28
2013-07-10 09:37:49
freebsd
freebsd
www/chromium -- multiple vulnerabilities
2014-03-14 00:00:00
chromium -- multiple vulnerabilities
2013-07-09 00:00:00
chrome
chrome
Stable Channel Update
2014-03-14 00:00:00
Stable Channel Update for Chrome OS
2014-03-14 00:00:00
Stable Channel Update
2013-07-09 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2014-03-19 21:33:30
Updated chromium-browser-stable packages fix security vulnerabilities
2013-07-26 15:52:03
suse
suse
chromium to 33.0.1750.152 stable release (important)
2014-04-09 19:04:26
osv
osv
chromium-browser - several
2013-07-17 00:00:00
chromium-browser - security update
2014-03-23 00:00:00
debian
debian
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-18 21:59:40
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-18 21:59:40
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
Chromium, V8: Multiple vulnerabilities
2013-09-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:30552
securityvulns17nessus27openvas22thn1cve19ubuntucve14seebug10prion19zdi4debiancve2checkpoint_advisories1zdt1exploitpack1exploitdb1threatpost2freebsd2chrome3mageia2suse1osv2debian4gentoo2