Lucene search

Tenable700035.PRM

HistoryApr 02, 2017 - 12:00 a.m.

Apple TV < 10.2 Multiple Vulnerabilities

2017-04-0200:00:00

Tenable

www.tenable.com

JSON

Versions of Apple TV earlier than 10.2 are affected by multiple vulnerabilities :

An unspecified flaw exists related to ‘nghttp2’ and ‘LibreSSL’ that is triggered during the handling of a malicious HTTP/2 server. This may allow an attacker to have multiple unspecified impacts. (CVE-2017-2428)
A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
A use-after-free flaw exists in ‘libc++’ that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code.

Additional flaws exist in the following components :

Carbon (CVE-2017-2379)
Carbon (CVE-2017-2379)
CoreGraphics (CVE-2017-2417, CVE-2017-2444)
CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
Kernel (CVE-2017-2401, CVE-2017-2440, CVE-2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2490)
Keyboards (CVE-2017-2458)
libarchive (CVE-2017-2390)
Security (CVE-2017-2451)
Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)

Binary data 700035.prm

VendorProductVersionCPE
appleapple_tvcpe:/a:apple:apple_tv

Vendor	Product	Version	CPE
apple	apple_tv		cpe:/a:apple:apple_tv

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2367

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2379

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2386

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2394

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2395

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2396

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2406

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2415

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2440

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2444

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2445

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2446

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2447

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2448

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2451

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2454

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2455

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2456

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2458

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2459

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2460

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2461

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2462

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2464

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2465

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2466

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2467

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2468

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2469

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2470

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2472

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2473

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2474

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2475

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2476

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2481

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2483

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2487

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2490

support.apple.com/en-us/HT207600

support.apple.com/en-us/HT207601

support.apple.com/en-us/HT207602

support.apple.com/en-us/HT207617

threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599

JSON

Related for 700035.PRM