Apple TV < 10.2.1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Apple TV device is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Apple TV on the remote device
is prior to 10.2.1. It is, therefore, affected by multiple
vulnerabilities :

- A memory corruption issue exists in the WebKit Web
Inspector component that allows an unauthenticated,
remote attacker to execute arbitrary code.
(CVE-2017-2499)

- An unspecified race condition exists in the Kernel
component that allows a local attacker to execute
arbitrary code with kernel-level privileges.
(CVE-2017-2501)

- An information disclosure vulnerability exists in the
CoreAudio component due to improper sanitization of
certain input. A local attacker can exploit this to read
the contents of restricted memory. (CVE-2017-2502)

- A universal cross-site scripting (XSS) vulnerability
exists in WebKit due to a logic flaw when handling
WebKit Editor commands. An unauthenticated, remote
attacker can exploit this, via a specially crafted web
page, to execute arbitrary script code in a user's
browser session. (CVE-2017-2504)

- Multiple memory corruption issues exist in WebKit due to
improper validation of certain input. An
unauthenticated, remote attacker can exploit these to
execute arbitrary code. (CVE-2017-2505, CVE-2017-2515,
CVE-2017-2521, CVE-2017-2530, CVE-2017-2531,
CVE-2017-6980, CVE-2017-6984)

- Multiple information disclosure vulnerabilities exist
in the Kernel component due to improper sanitization of
certain input. A local attacker can exploit these to
read the contents of restricted memory. (CVE-2017-2507,
CVE-2017-6987)

- A use-after-free error exists in the SQLite component
when handling SQL queries. An unauthenticated, remote
attacker can exploit this to deference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2017-2513)

- Multiple buffer overflow conditions exist in the SQLite
component due to the improper validation of certain
input. An unauthenticated, remote attacker can exploit
these, via a specially crafted SQL query, to execute
arbitrary code. (CVE-2017-2518, CVE-2017-2520)

- A memory corruption issue exists in the SQLite component
when handling SQL queries. An unauthenticated, remote
attacker can exploit this, via a specially crafted
query, to execute arbitrary code. (CVE-2017-2519)

- An unspecified memory corruption issue exists in the
TextInput component when parsing specially crafted data.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2017-2524)

- A use-after-free error exists in WebKit when handling
RenderLayer objects. An unauthenticated, remote attacker
can exploit this, via a specially crafted web page, to
deference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2525)

- Multiple unspecified flaws exist in WebKit that allow
an unauthenticated, remote attacker to corrupt memory
and execute arbitrary code by using specially crafted
web content. (CVE-2017-2536)

- A universal cross-site scripting (XSS) vulnerability
exists in WebKit due to a logic error when handling
frame loading. An unauthenticated, remote attacker can
exploit this, via a specially crafted web page, to
execute arbitrary code in a user's browser session.
(CVE-2017-2549)

- An unspecified flaw exists in the IOSurface component
that allows a local attacker to corrupt memory and
execute arbitrary code with kernel-level privileges.
(CVE-2017-6979)

- An unspecified flaw exists in the AVEVideoEncoder
component that allows a local attacker, via a specially
crafted application, to corrupt memory and execute
arbitrary code with kernel-level privileges.
(CVE-2017-6989)

- An denial of service vulnerability exists in the
CoreText component due to improper validation of
user-supplied input. An unauthenticated, remote attacker
can exploit this, via a specially crafted file, to crash
an application. (CVE-2017-7003)

- A memory corruption issue exists in the JavaScriptCore
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via specially crafted web content, to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2017-7005)

Note that only 4th generation models are affected by these
vulnerabilities.

See also :

https://support.apple.com/en-us/HT207801

Solution :

Upgrade to Apple TV version 10.2.1 or later. Note that this update is
only available for 4th generation models.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false