Apple TV < 7.2 Multiple Vulnerabilities

critical Nessus Plugin ID 82712

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Apple TV device is a version prior to 7.2. It is, therefore, affected by the following vulnerabilities:

- Multiple memory corruption vulnerabilities exist in WebKit due to improperly validated user-supplied input. A remote attacker, using a specially crafted website, can exploit these to execute arbitrary code. (CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1123, CVE-2015-1124)

- An error exists in the IOKit objects due to improper validation of metadata used by an audio driver, which allows arbitrary code execution. (CVE-2015-1086)

- An XML External Entity (XXE) injection vulnerability exists in the NSXMLParser due to improper handling of XML files, which allows information disclosure. (CVE-2015-1092)

- An error exists in the IOAcceleratorFamily that allows the kernel memory layout to be disclosed. (CVE-2015-1094)

- A memory corruption vulnerability exists in the IOHIDFamily API that allows arbitrary code execution. (CVE-2015-1095)

- An error exists in the IOHIDFamily due to improper bounds checking, which allows the kernel memory layout to be disclosed. (CVE-2015-1096)

- An error exists in the MobileFrameBuffer due to improper bounds checking, which allows the kernel memory layout to be disclosed. (CVE-2015-1097)

- A denial of service vulnerability exists in the setreuid() system call due to a race condition. (CVE-2015-1099)

- An out-of-bounds memory error exists in the kernel that allows a denial of service attack or information disclosure. (CVE-2015-1100)

- A memory corruption vulnerability exists in the kernel that allows arbitrary code execution. (CVE-2015-1101)

- A denial of service vulnerability exists due to a state inconsistency in the processing of TCP headers, which can only be exploited from an adjacent network. (CVE-2015-1102)

- A vulnerability exists that allows a man-in-the-middle attacker to redirect traffic via ICMP redirects. (CVE-2015-1103)

- A security bypass vulnerability exists due to the system treating remote IPv6 packets as local packets, which allows an attacker to bypass network filters. (CVE-2015-1104)

- A denial of service vulnerability exists due to improper processing of TCP out-of-band data, which a remote attacker can exploit. (CVE-2015-1105)

- An information disclosure vulnerability exists due to unique identifiers being sent to remote servers when downloading assets for a podcast. (CVE-2015-1110)

- An information disclosure vulnerability exists in the third-party application sandbox that allows hardware identifiers to be accessible by other applications. (CVE-2015-1114)

- A privilege escalation vulnerability exists in the setreuid() and setregid() system calls due to a failure to drop privileges permanently. (CVE-2015-1117)

- A memory corruption vulnerability exists due to improper bounds checking when processing configuration profiles, which allows a denial of service attack. (CVE-2015-1118)

Solution

Upgrade to Apple TV 7.2 or later. Note that this update is only available for 3rd generation and later models.

See Also

https://support.apple.com/en-us/HT204662

http://www.nessus.org/u?028da58b

Plugin Details

Severity: Critical

ID: 82712

File Name: appletv_7_2.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 4/10/2015

Updated: 11/22/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-1103

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: AppleTV/Version, AppleTV/URL, AppleTV/Port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/8/2015

Vulnerability Publication Date: 3/17/2015

Reference Information

CVE: CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1086, CVE-2015-1092, CVE-2015-1094, CVE-2015-1095, CVE-2015-1096, CVE-2015-1097, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1110, CVE-2015-1114, CVE-2015-1117, CVE-2015-1118, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1123, CVE-2015-1124

BID: 73176, 73972, 73981, 73983, 73985, 73986

APPLE-SA: APPLE-SA-2015-04-08-4