APPLE-SA-2014-03-10-2 Apple TV 6.1

2014-03-13T00:00:00
ID SECURITYVULNS:DOC:30358
Type securityvulns
Reporter Securityvulns
Modified 2014-03-13T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-03-10-2 Apple TV 6.1

Apple TV 6.1 is now available and addresses the following:

Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with access to an Apple TV may access sensitive user information from logs Description: Sensitive user information was logged. This issue was addressed by logging less information. CVE-ID CVE-2014-1279 : David Schuetz working at Intrepidus Group

Apple TV Available for: Apple TV 2nd generation and later Impact: Profile expiration dates were not honored Description: Expiration dates of mobile configuration profiles were not evaluated correctly. The issue was resolved through improved handling of configuration profiles. CVE-ID CVE-2014-1267

Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious application can cause an unexpected system termination Description: A reachable assertion issue existed in CoreCapture's handling of IOKit API calls. The issue was addressed through additional validation of input from IOKit. CVE-ID CVE-2014-1271 : Filippo Bigarella

Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to change permissions on arbitrary files Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files. CVE-ID CVE-2014-1272 : evad3rs

Apple TV Available for: Apple TV 2nd generation and later Impact: Code signing requirements may be bypassed Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions. CVE-ID CVE-2014-1273 : evad3rs

Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 images in PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1275 : Felix Groebert of the Google Security Team

Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images. CVE-ID CVE-2012-2088

Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed through additional validation of JPEG files. CVE-ID CVE-2013-6629 : Michal Zalewski

Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1278 : evad3rs

Apple TV Available for: Apple TV 2nd generation and later Impact: A configuration profile may be hidden from the user Description: A configuration profile with a long name could be loaded onto the device but was not displayed in the profile UI. The issue was addressed through improved handling of profile names. CVE-ID CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure

Apple TV Available for: Apple TV 2nd generation and later Impact: A person with physical access to the device may be able to cause arbitrary code execution in kernel mode Description: A memory corruption issue existed in the handling of USB messages. This issue was addressed through additional validation of USB messages. CVE-ID CVE-2014-1287 : Andy Davis of NCC Group

WebKit Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2909 : Atte Kettunen of OUSPG CVE-2013-2926 : cloudfuzzer CVE-2013-2928 : Google Chrome Security Team CVE-2013-5196 : Google Chrome Security Team CVE-2013-5197 : Google Chrome Security Team CVE-2013-5198 : Apple CVE-2013-5199 : Apple CVE-2013-5225 : Google Chrome Security Team CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day Initiative CVE-2013-6625 : cloudfuzzer CVE-2013-6635 : cloudfuzzer CVE-2014-1269 : Apple CVE-2014-1270 : Apple CVE-2014-1289 : Apple CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team CVE-2014-1291 : Google Chrome Security Team CVE-2014-1292 : Google Chrome Security Team CVE-2014-1293 : Google Chrome Security Team CVE-2014-1294 : Google Chrome Security Team

Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted video could lead to the device becoming unresponsive Description: A null dereference issue existed in the handling of MPEG-4 encoded files. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1280 : rg0rd

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".

To check the current version of software, select "Settings -> General -> About".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTGlvfAAoJEPefwLHPlZEw8GEP/ikatTiohUPRvpjubarcXePV z6ixKxmqUUvSy+AlyFTsCpvB1IEipSx5hKbYsxk5+4qAVsYG3VEpLNJKBarUHQN8 K1+I77xF5osLxrypWV6vEDqqFDcZyflumtvfdj7EmWf/FcWnOooRQt7wVVrzrCCh 40nfspy1YjNi1EO2p6dDlzi+yvEGF5CHg8R1zSFf7ozLPoCABlnbdzXxh+nYoI+E y65R4Eo7OBhVH5mJvBczjsHu/GljR3y/yi3NSnoV5ga5SfaaOlwa8emgNooeEs3u ghkfm2UxkjtdNkpVMfwFp35oLESIl6pMd2dtH2sU4MwRK3h8rvFeS/zJRZmwEIXO 5+9tNop1hmF52aVKRZAJ4/A9kbTC3pKd0PxvKsveB6Pgxbq9eDfueMC/r6FtOZDa is95LuLtf26h8xQt8FovY7Cm80ckOT4mJnvzfmpGmUSK4PHsNfJwfJOBa1yMHTJg CDfg+jGhHy7DJuawekzQjcvkz34YWg7Lp25ZJilvZf8dGB2R4g+hikdOrWKI4vFj x7LGZg6IPaHFt0MPgjnoV1FhABnXksD41uIAQP2LhDrHWnRgTeJoGwQ2SuZjSA6w T/DzhicTLq6MDSBjlbt6EJ4gtxWlYDfeAfJcFb/Aret+2L7570q18EkLRbiI8e6k 3NksAqBIKSpadFt+M8wt =xjrI -----END PGP SIGNATURE-----