Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple TV < 9.1 Multiple Vulnerabilities

High

Synopsis

The version of this Apple TV device is not current and is thus unpatched for multiple vulnerabilities.

Description

Versions of Apple TV earlier than 9.1 are vulnerable to the following issues :

- A flaw exists within the 'IOAcceleratorFamily' component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with system privileges. (CVE-2015-7109) - A use-after-free condition is triggered when parsing disk images. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2015-7110) - A memory corruption vulnerability exists within the 'ASN.1 decoder'. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted certificate. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-7059, CVE-2015-7060, CVE-2015-7061) - A flaw exists due to the program failing to properly perform authorization checks. This may allow a local attacker to install arbitrary configuration profiles. (CVE-2015-7062) - A flaw exists within legacy functionality that is triggered in the way Keychain access interacts with the Keychain agent. This may allow a local attacker to spoof as a valid Keychain server. (CVE-2015-7045)

Solution

Upgrade Apple TV to 9.1, or later.