APPLE-SA-2015-04-08-3

APPLE-SA-2015-04-08-4

73983

1032050

https://support.apple.com/HT204661

https://support.apple.com/HT204662

https://support.apple.com/kb/HT204870

According to its banner, the remote Apple TV device is a version prior to 7.2. It is, therefore, affected by the following vulnerabilities :

  - Multiple memory corruption vulnerabilities exist in     WebKit due to improperly validated user-supplied input.
    A remote attacker, using a specially crafted website,     can exploit these to execute arbitrary code.
    (CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,     CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,     CVE-2015-1074, CVE-2015-1076, CVE-2015-1077,     CVE-2015-1078, CVE-2015-1079, CVE-2015-1080,     CVE-2015-1081, CVE-2015-1082, CVE-2015-1083,     CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,     CVE-2015-1122, CVE-2015-1123, CVE-2015-1124)

  - An error exists in the IOKit objects due to improper     validation of metadata used by an audio driver, which     allows arbitrary code execution. (CVE-2015-1086)

  - An XML External Entity (XXE) injection vulnerability     exists in the NSXMLParser due to improper handling of     XML files, which allows information disclosure.
    (CVE-2015-1092)

  - An error exists in the IOAcceleratorFamily that allows     the kernel memory layout to be disclosed.
    (CVE-2015-1094)

  - A memory corruption vulnerability exists in the     IOHIDFamily API that allows arbitrary code execution.
    (CVE-2015-1095)

  - An error exists in the IOHIDFamily due to improper     bounds checking, which allows the kernel memory layout     to be disclosed. (CVE-2015-1096)

  - An error exists in the MobileFrameBuffer due to improper     bounds checking, which allows the kernel memory layout     to be disclosed. (CVE-2015-1097)

  - A denial of service vulnerability exists in the     setreuid() system call due to a race condition.
    (CVE-2015-1099)

  - An out-of-bounds memory error exists in the kernel that     allows a denial of service attack or information     disclosure. (CVE-2015-1100)

  - A memory corruption vulnerability exists in the kernel     that allows arbitrary code execution. (CVE-2015-1101)

  - A denial of service vulnerability exists due to a state     inconsistency in the processing of TCP headers, which     can only be exploited from an adjacent network.
    (CVE-2015-1102)

  - A vulnerability exists that allows a man-in-the-middle     attacker to redirect traffic via ICMP redirects.
    (CVE-2015-1103)

  - A security bypass vulnerability exists due to the     system treating remote IPv6 packets as local packets,     which allows an attacker to bypass network filters.
    (CVE-2015-1104)

  - A denial of service vulnerability exists due to improper     processing of TCP out-of-band data, which allows a     denial of service by a remote attacker. (CVE-2015-1105)

  - An information disclosure vulnerability exists due to     unique identifiers being sent to remote servers when     downloading assets for a podcast. (CVE-2015-1110)

  - An information disclosure vulnerability exists in the     third-party application sandbox that allows hardware     identifiers to be accessible by other applications.
    (CVE-2015-1114)

  - A privilege escalation vulnerability exists in the     setreuid() and setregid() system calls due to a failure     to drop privileges permanently. (CVE-2015-1117)

  - A memory corruption vulnerability exists due to improper     bounds checking when processing configuration profiles,     which allows a denial of service attack. (CVE-2015-1118)

The mobile device is running a version of iOS prior to version 8.3.
It is, therefore, affected by vulnerabilities in the following components :

  - AppleKeyStore
  - Audio Drivers
  - Backup
  - Certificate Trust Policy
  - CFNetwork
  - CFNetwork Session
  - CFURL
  - FontParser
  - Foundation
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOMobileFramebuffer
  - iWork Viewer
  - Kernel
  - Keyboards
  - libnetcore
  - Lock Screen
  - NetworkExtension
  - Podcasts
  - Safari
  - Sandbox Profiles
  - Telephony
  - UIKit View
  - WebKit

ID	Name	Product	Family	Severity
82712	Apple TV < 7.2 Multiple Vulnerabilities	Nessus	Misc.	critical
82703	Apple iOS < 8.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2015-1092

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high