Apple TV < 10.1.1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Apple TV device is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Apple TV on the remote device
is prior to 10.1.1. It is, therefore, affected by multiple
vulnerabilities :

- A stack-based buffer overflow condition exists in
libarchive in the bsdtar_expand_char() function within
file util.c due to improper validation of certain
unspecified input. An unauthenticated, remote attacker
can exploit this, via a specially crafted archive, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2016-8687)

- A prototype access flaw exists in WebKit when handling
exceptions. An unauthenticated, remote attacker can
exploit this, via specially crafted web content, to
disclose cross-origin data. (CVE-2017-2350)

- A type confusion error exists in WebKit when handling
SearchInputType objects due to improper validation of
certain unspecified input. An unauthenticated, remote
attacker can exploit this, via specially crafted web
content, to execute arbitrary code. (CVE-2017-2354)

- An unspecified memory initialization flaw exists in
WebKit that allows an unauthenticated, remote attacker
to execute arbitrary code via specially crafted web
content. (CVE-2017-2355)

- Multiple memory corruption issues exist in WebKit due to
improper validation of certain unspecified input. An
unauthenticated, remote attacker can exploit these, via
specially crafted web content, to execute arbitrary
code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2369,
CVE-2017-2373)

- A use-after-free error exists in the host_self_trap mach
trap. A local attacker can exploit this, via a specially
crafted application, to dereference already freed memory
and thereby execute arbitrary code with kernel
privileges. (CVE-2017-2360)

- A flaw exists in WebKit when handling page loading due
to improper validation of certain unspecified input.
An unauthenticated, remote attacker can exploit this,
via specially crafted web content, to disclose
cross-origin data. (CVE-2017-2363)

- A flaw exists in WebKit when handling variables due
to improper validation of certain unspecified input.
An unauthenticated, remote attacker can exploit this,
via specially crafted web content, to disclose
cross-origin data. (CVE-2017-2365)

- A heap buffer overflow condition exists in the
mach_voucher_extract_attr_recipe_trap() function due to
improper validation of certain unspecified input. A
local attacker can exploit this, via a specially
crafted application, to cause a denial of service
condition or the execution of arbitrary code with
kernel privileges. (CVE-2017-2370)

Note that only 4th generation models are affected by these
vulnerabilities.

See also :

https://support.apple.com/en-us/HT207485
http://www.nessus.org/u?f1c5d4b2

Solution :

Upgrade to Apple TV version 10.1.1 or later. Note that this update is
only available for 4th generation models.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now