Apple TV < 5.1 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

According to its banner, the remote Apple TV 2nd generation or later
device has a version of iOS that is earlier than 5.1. It is,
therefore, reportedly affected by several vulnerabilities :

- An uninitialized memory access issue in the handling of
  Sorenson-encoded movie files could lead to arbitrary
  code execution. (CVE-2012-3722)

- Following the DNAv4 protocol, the device may broadcast
  MAC addresses of previously accessed networks when
  connecting to a Wi-Fi network. (CVE-2012-3725)

- A buffer overflow in libtiff's handling of
  ThunderScan-encoded TIFF images could lead to arbitrary
  code execution. (CVE-2011-1167)

- Multiple memory corruption issues in libpng's handling
  of PNG images could lead to arbitrary code execution.
  (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)

- A double free issue in ImageIO's handling of JPEG
  images could lead to arbitrary code execution.
  (CVE-2012-3726)

- An integer overflow issue in libtiff's handling of TIFF
  images could lead to arbitrary code execution.
  (CVE-2012-1173)

- A stack-based buffer overflow in the handling of ICU
  locale IDs could lead to arbitrary code execution.
  (CVE-2011-4599)

- Multiple vulnerabilities in libxml could have a variety
  of impacts, including arbitrary code execution.
  (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /
  CVE-2011-3919)

- Multiple memory corruption issues in JavaScriptCore
  could lead to arbitrary code execution.
  (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /
  CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /
  CVE-2012-3678 / CVE-2012-3679)

See also :

http://support.apple.com/kb/HT5504
http://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html
http://www.securityfocus.com/archive/1/524229/30/0/threaded

Solution :

Upgrade the Apple TV to iOS 5.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false