logo
DATABASE RESOURCES PRICING ABOUT US

Apple TV < 10.2 Multiple Vulnerabilities

Description

Versions of Apple TV earlier than 10.2 are affected by multiple vulnerabilities : - An unspecified flaw exists related to 'nghttp2' and 'LibreSSL' that is triggered during the handling of a malicious HTTP/2 server. This may allow an attacker to have multiple unspecified impacts. (CVE-2017-2428) - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430) - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441) - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448) - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462) - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. Additional flaws exist in the following components : - Carbon (CVE-2017-2379) - Carbon (CVE-2017-2379) - CoreGraphics (CVE-2017-2417, CVE-2017-2444) - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461) - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487) - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467) - Kernel (CVE-2017-2401, CVE-2017-2440, CVE-2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2490) - Keyboards (CVE-2017-2458) - libarchive (CVE-2017-2390) - Security (CVE-2017-2451) - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)


Related