Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31891
HistoryApr 09, 2015 - 12:00 a.m.

APPLE-SA-2015-04-08-4 Apple TV 7.2

2015-04-0900:00:00
vulners.com
40
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-04-08-4 Apple TV 7.2

Apple TV 7.2 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOKit objects used by an
audio driver. This issue was addressed through improved validation of
metadata.
CVE-ID
CVE-2015-1086

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOAcceleratorFamily that led to the
disclosure of kernel memory content. This issue was addressed by
removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in MobileFrameBuffer that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security
Research Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to cause a system denial
of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to cause unexpected
system termination or read kernel memory
Description: A out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on iOS. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description: A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Unnecessary information may be sent to external servers when
downloading podcast assets
Description: When downloading assets for podcast a user was
subscribed to, unique identifiers were sent to external servers. This
issue was resolved by removing these identifiers.
CVE-ID
CVE-2015-1110 : Alex Selivanov

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Hardware identifiers may be accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the sandbox
profile.
CVE-ID
CVE-2015-1114

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple
CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2015-1120 : Apple
CVE-2015-1121 : Apple
CVE-2015-1122 : Apple
CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc.
CVE-2015-1124 : Apple

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5
6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK
1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX
CerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn
A33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J
BioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3
j876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy
MJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW
PsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz
UPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb
vjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i
iPMObURhCq+xIYRUTKXE
=ktgN
-----END PGP SIGNATURE-----

Related

securityvulns 12
nessus 21
openvas 9
kaspersky 2
prion 38
cve 38
zdi 2
ubuntucve 21
exploitpack 1
threatpost 3
exploitdb 1
fedora 6
mageia 2
ubuntu 1
securityvulns
securityvulns
Apple TV multiple security vulnerabilities
2015-04-09 00:00:00
APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4
2015-03-18 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2015-03-18 00:00:00
nessus
nessus
Apple TV < 7.2 Multiple Vulnerabilities
2015-04-10 00:00:00
Mac OS X : Apple Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities
2015-03-18 00:00:00
Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities
2015-04-17 00:00:00
openvas
openvas
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Mar15 (Mac OS X)
2015-03-27 00:00:00
Apple Safari Multiple Vulnerabilities -01 Apr15 (Mac OS X)
2015-04-23 00:00:00
Apple Mac OS X Multiple Vulnerabilities-01 Apr15
2015-04-24 00:00:00
kaspersky
kaspersky
KLA10466 Multiple vulnerabilities in Apple Safari
2015-03-17 00:00:00
KLA10620 Multiple vulnerabilities in Apple iTunes
2015-06-30 00:00:00
prion
prion
Code injection
2015-04-10 14:59:00
Design/Logic Flaw
2015-04-10 14:59:00
Memory corruption
2015-03-18 22:59:00
cve
cve
CVE-2015-1110
2015-04-10 14:59:00
CVE-2015-1117
2015-04-10 14:59:00
CVE-2015-1114
2015-04-10 14:59:00
zdi
zdi
(Pwn2Own) Apple Safari Uninitialized Buffer Use-After-Free Remote Code Execution Vulnerability
2015-04-08 00:00:00
Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
2015-04-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-1069
2015-03-18 00:00:00
CVE-2015-1119
2015-04-10 00:00:00
CVE-2015-1082
2015-03-18 00:00:00
exploitpack
exploitpack
Apple Mac OSX - Local Denial of Service
2015-04-21 00:00:00
threatpost
threatpost
Apple Fixes Proxy Manipulation Vulnerability in iOS 8.3
2015-04-09 11:10:47
Apple Yosemite 10.10.3 OS Security Patches
2015-04-09 11:03:48
Darwin Nuke Vulnerability Details in OS X, iOS Disclosed
2015-04-13 10:03:42
exploitdb
exploitdb
Apple Mac OSX - Local Denial of Service
2015-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: webkitgtk3-2.4.10-1.fc24
2016-03-27 00:38:22
[SECURITY] Fedora 23 Update: webkitgtk3-2.4.10-1.fc23
2016-03-21 01:53:49
[SECURITY] Fedora 24 Update: webkitgtk-2.4.10-1.fc24
2016-03-27 00:38:11
mageia
mageia
Updated webkit packages fix security vulnerability
2016-03-25 09:38:37
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2016-03-21 00:00:00
JSON
Related for SECURITYVULNS:DOC:31891
securityvulns12nessus21openvas9kaspersky2prion38cve38zdi2ubuntucve21exploitpack1threatpost3exploitdb1fedora6mageia2ubuntu1