Versions of Apple TV earlier than 10.0 are vulnerable to the following issues :
- A flaw exists in libxml2 that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4658)
- A flaw exists in FontParser that is triggered during the handling of a specially crafted font file. This may allow a context-dependent attacker to disclose information in process memory. (CVE-2016-4718)
- An unspecified flaw exists in IOAcceleratorFamily that may allow a context-dependent attacker to disclose arbitrary contents of the memory. No further details have been provided. (CVE-2016-4725)
- A flaw exists in IOAcceleratorFamily that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4726)
- A flaw exists in libxslt that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4738)
- A flaw exists that is triggered during the handling of a signed disk image. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-4753)
- A flaw exists in the kernel that is triggered as the system fails to properly handle locking. This may allow a remote attacker to cause a denial of service. (CVE-2016-4772)
- An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4773)
- An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4774)
- A flaw exists in the Kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4775)
- An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4776)
- An untrusted pointer dereference flaw exists in the Kernel that may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-4777)
- A flaw exists in the Kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4778)