Apple TV < 10.2.1 Multiple Vulnerabilities

Critical Nessus Plugin ID 100256

Synopsis

The remote Apple TV device is affected by multiple vulnerabilities.

Description

According to its banner, the version of Apple TV on the remote device is prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities :

 - A memory corruption issue exists in the WebKit Web Inspector component that allows an unauthenticated, remote attacker to execute arbitrary code.
 (CVE-2017-2499)

 - An unspecified race condition exists in the Kernel component that allows a local attacker to execute arbitrary code with kernel-level privileges.
 (CVE-2017-2501)

 - An information disclosure vulnerability exists in the CoreAudio component due to improper sanitization of certain input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2502)

 - A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic flaw when handling WebKit Editor commands. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary script code in a user's browser session. (CVE-2017-2504)

 - Multiple memory corruption issues exist in WebKit due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2505, CVE-2017-2515, CVE-2017-2521, CVE-2017-2530, CVE-2017-2531, CVE-2017-6980, CVE-2017-6984)

 - Multiple information disclosure vulnerabilities exist in the Kernel component due to improper sanitization of certain input. A local attacker can exploit these to read the contents of restricted memory. (CVE-2017-2507, CVE-2017-6987)

 - A use-after-free error exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.
 (CVE-2017-2513)

 - Multiple buffer overflow conditions exist in the SQLite component due to the improper validation of certain input. An unauthenticated, remote attacker can exploit these, via a specially crafted SQL query, to execute arbitrary code. (CVE-2017-2518, CVE-2017-2520)

 - A memory corruption issue exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to execute arbitrary code. (CVE-2017-2519)

 - An unspecified memory corruption issue exists in the TextInput component when parsing specially crafted data.
 An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2524)

 - A use-after-free error exists in WebKit when handling RenderLayer objects. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2525)

 - Multiple unspecified flaws exist in WebKit that allow an unauthenticated, remote attacker to corrupt memory and execute arbitrary code by using specially crafted web content. (CVE-2017-2536)

 - A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic error when handling frame loading. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.
 (CVE-2017-2549)

 - An unspecified flaw exists in the IOSurface component that allows a local attacker to corrupt memory and execute arbitrary code with kernel-level privileges.
 (CVE-2017-6979)

 - An unspecified flaw exists in the AVEVideoEncoder component that allows a local attacker, via a specially crafted application, to corrupt memory and execute arbitrary code with kernel-level privileges.
 (CVE-2017-6989)

 - A denial of service vulnerability exists in the CoreText component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to crash an application. (CVE-2017-7003)

 - A memory corruption issue exists in the JavaScriptCore component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7005)

Note that only 4th generation models are affected by these vulnerabilities.

Solution

Upgrade to Apple TV version 10.2.1 or later. Note that this update is only available for 4th generation models.

See Also

https://support.apple.com/en-us/HT207801

Plugin Details

Severity: Critical

ID: 100256

File Name: appletv_10_2_1.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 2017/05/17

Updated: 2019/02/26

Dependencies: 93741

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2017-2499

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: AppleTV/Version, AppleTV/Model, AppleTV/URL, AppleTV/Port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/05/15

Vulnerability Publication Date: 2017/05/15

Reference Information

CVE: CVE-2017-2499, CVE-2017-2501, CVE-2017-2502, CVE-2017-2504, CVE-2017-2505, CVE-2017-2507, CVE-2017-2513, CVE-2017-2515, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-2525, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2549, CVE-2017-6979, CVE-2017-6980, CVE-2017-6984, CVE-2017-6987, CVE-2017-6989, CVE-2017-7003, CVE-2017-7005

BID: 98454, 98455, 98456, 98457, 98468, 98473