Apple Security Advisory 2014-03-10-2 - Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.
49c40a29a380c50803951ca030c4505c5a3bee971409553f3f4a97d6fc09fea0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-03-10-2 Apple TV 6.1
Apple TV 6.1 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with access to an Apple TV may access sensitive
user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-1279 : David Schuetz working at Intrepidus Group
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Profile expiration dates were not honored
Description: Expiration dates of mobile configuration profiles were
not evaluated correctly. The issue was resolved through improved
handling of configuration profiles.
CVE-ID
CVE-2014-1267
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious application can cause an unexpected system
termination
Description: A reachable assertion issue existed in CoreCapture's
handling of IOKit API calls. The issue was addressed through
additional validation of input from IOKit.
CVE-ID
CVE-2014-1271 : Filippo Bigarella
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: CrashHouseKeeping followed symbolic links while
changing permissions on files. This issue was addressed by not
following symbolic links when changing permissions on files.
CVE-ID
CVE-2014-1272 : evad3rs
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Code signing requirements may be bypassed
Description: Text relocation instructions in dynamic libraries may
be loaded by dyld without code signature validation. This issue was
addressed by ignoring text relocation instructions.
CVE-ID
CVE-2014-1273 : evad3rs
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
images in PDF files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1275 : Felix Groebert of the Google Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of TIFF
images. This issue was addressed through additional validation of
TIFF images.
CVE-ID
CVE-2012-2088
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed through additional
validation of JPEG files.
CVE-ID
CVE-2013-6629 : Michal Zalewski
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out of bounds memory access issue existed in the ARM
ptmx_get_ioctl function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1278 : evad3rs
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A configuration profile may be hidden from the user
Description: A configuration profile with a long name could be
loaded onto the device but was not displayed in the profile UI. The
issue was addressed through improved handling of profile names.
CVE-ID
CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A person with physical access to the device may be able to
cause arbitrary code execution in kernel mode
Description: A memory corruption issue existed in the handling of
USB messages. This issue was addressed through additional validation
of USB messages.
CVE-ID
CVE-2014-1287 : Andy Davis of NCC Group
WebKit
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2909 : Atte Kettunen of OUSPG
CVE-2013-2926 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-5196 : Google Chrome Security Team
CVE-2013-5197 : Google Chrome Security Team
CVE-2013-5198 : Apple
CVE-2013-5199 : Apple
CVE-2013-5225 : Google Chrome Security Team
CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day
Initiative
CVE-2013-6625 : cloudfuzzer
CVE-2013-6635 : cloudfuzzer
CVE-2014-1269 : Apple
CVE-2014-1270 : Apple
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day
Initiative, Google Chrome Security Team
CVE-2014-1291 : Google Chrome Security Team
CVE-2014-1292 : Google Chrome Security Team
CVE-2014-1293 : Google Chrome Security Team
CVE-2014-1294 : Google Chrome Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Playing a maliciously crafted video could lead to the device
becoming unresponsive
Description: A null dereference issue existed in the handling of
MPEG-4 encoded files. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2014-1280 : rg0rd
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBAgAGBQJTGlvfAAoJEPefwLHPlZEw8GEP/ikatTiohUPRvpjubarcXePV
z6ixKxmqUUvSy+AlyFTsCpvB1IEipSx5hKbYsxk5+4qAVsYG3VEpLNJKBarUHQN8
K1+I77xF5osLxrypWV6vEDqqFDcZyflumtvfdj7EmWf/FcWnOooRQt7wVVrzrCCh
40nfspy1YjNi1EO2p6dDlzi+yvEGF5CHg8R1zSFf7ozLPoCABlnbdzXxh+nYoI+E
y65R4Eo7OBhVH5mJvBczjsHu/GljR3y/yi3NSnoV5ga5SfaaOlwa8emgNooeEs3u
ghkfm2UxkjtdNkpVMfwFp35oLESIl6pMd2dtH2sU4MwRK3h8rvFeS/zJRZmwEIXO
5+9tNop1hmF52aVKRZAJ4/A9kbTC3pKd0PxvKsveB6Pgxbq9eDfueMC/r6FtOZDa
is95LuLtf26h8xQt8FovY7Cm80ckOT4mJnvzfmpGmUSK4PHsNfJwfJOBa1yMHTJg
CDfg+jGhHy7DJuawekzQjcvkz34YWg7Lp25ZJilvZf8dGB2R4g+hikdOrWKI4vFj
x7LGZg6IPaHFt0MPgjnoV1FhABnXksD41uIAQP2LhDrHWnRgTeJoGwQ2SuZjSA6w
T/DzhicTLq6MDSBjlbt6EJ4gtxWlYDfeAfJcFb/Aret+2L7570q18EkLRbiI8e6k
3NksAqBIKSpadFt+M8wt
=xjrI
-----END PGP SIGNATURE-----