Apple TV < 9.1.1 Multiple Vulnerabilities

high Nessus Plugin ID 88418

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Apple TV device is a version prior to 9.1.1. It is, therefore, affected by the following vulnerabilities :

- A type confusion error exists in the bundled libxslt library due to improper handling of invalid values. An attacker can exploit this to crash the application, resulting in a denial of service condition.
(CVE-2015-7995)

- A memory corruption issue exists due to improper validation of user-supplied input when handling disk images. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1717)

- A use-after-free error exists in the IOHIDFamily API due to improper validation of user-supplied input. A local attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-1719)

- A memory corruption issue exists in IOKit due to improper validation of user-supplied input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-1720)

- A memory corruption issue exists in the Kernel due to improper validation of user-supplied input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-1721)

- An overflow condition exists in the add_lockdown_session() function due to improper validation of user-supplied input. A local attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-1722)

- Multiple memory corruption issues exist in WebKit due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-1724, CVE-2016-1727)

Solution

Upgrade to Apple TV version 9.1.1 or later. Note that this update is only available for 4th generation models.

See Also

https://support.apple.com/en-us/HT205729

http://www.nessus.org/u?cbf27a14

Plugin Details

Severity: High

ID: 88418

File Name: appletv_9_1_1.nasl

Version: 1.13

Type: remote

Family: Misc.

Published: 1/27/2016

Updated: 12/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1727

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: AppleTV/Version, AppleTV/Model, AppleTV/URL, AppleTV/Port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2016

Vulnerability Publication Date: 1/14/2016

Reference Information

CVE: CVE-2015-7995, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1724, CVE-2016-1727

BID: 77325

APPLE-SA: APPLE-SA-2016-01-25-1