Apple TV < 10.2.1 Multiple Vulnerabilities
high Nessus Plugin ID 100256
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Apple TV device is affected by multiple vulnerabilities.Description
According to its banner, the version of Apple TV on the remote device is prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities :- A memory corruption issue exists in the WebKit Web Inspector component that allows an unauthenticated, remote attacker to execute arbitrary code.
(CVE-2017-2499)
- An unspecified race condition exists in the Kernel component that allows a local attacker to execute arbitrary code with kernel-level privileges.
(CVE-2017-2501)
- An information disclosure vulnerability exists in the CoreAudio component due to improper sanitization of certain input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2502)
- A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic flaw when handling WebKit Editor commands. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary script code in a user's browser session. (CVE-2017-2504)
- Multiple memory corruption issues exist in WebKit due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2505, CVE-2017-2515, CVE-2017-2521, CVE-2017-2530, CVE-2017-2531, CVE-2017-6980, CVE-2017-6984)
- Multiple information disclosure vulnerabilities exist in the Kernel component due to improper sanitization of certain input. A local attacker can exploit these to read the contents of restricted memory. (CVE-2017-2507, CVE-2017-6987)
- A use-after-free error exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.
(CVE-2017-2513)
- Multiple buffer overflow conditions exist in the SQLite component due to the improper validation of certain input. An unauthenticated, remote attacker can exploit these, via a specially crafted SQL query, to execute arbitrary code. (CVE-2017-2518, CVE-2017-2520)
- A memory corruption issue exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to execute arbitrary code. (CVE-2017-2519)
- An unspecified memory corruption issue exists in the TextInput component when parsing specially crafted data.
An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2524)
- A use-after-free error exists in WebKit when handling RenderLayer objects. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2525)
- Multiple unspecified flaws exist in WebKit that allow an unauthenticated, remote attacker to corrupt memory and execute arbitrary code by using specially crafted web content. (CVE-2017-2536)
- A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic error when handling frame loading. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.
(CVE-2017-2549)
- An unspecified flaw exists in the IOSurface component that allows a local attacker to corrupt memory and execute arbitrary code with kernel-level privileges.
(CVE-2017-6979)
- An unspecified flaw exists in the AVEVideoEncoder component that allows a local attacker, via a specially crafted application, to corrupt memory and execute arbitrary code with kernel-level privileges.
(CVE-2017-6989)
- A denial of service vulnerability exists in the CoreText component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to crash an application. (CVE-2017-7003)
- A memory corruption issue exists in the JavaScriptCore component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7005)
Note that only 4th generation models are affected by these vulnerabilities.
Solution
Upgrade to Apple TV version 10.2.1 or later. Note that this update is only available for 4th generation models.See Also
Plugin Details
Severity: High
ID: 100256
File Name: appletv_10_2_1.nasl
Version: 1.9
Type: remote
Family: Misc.
Published: 5/17/2017
Updated: 11/13/2019
Dependencies: appletv_version.nasl
Risk Information
CVSS Score Source: CVE-2017-6989
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: CVSS2#E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:2.3:a:apple:apple_tv:*:*:*:*:*:*:*:*
Required KB Items: AppleTV/Version, AppleTV/Model, AppleTV/URL, AppleTV/Port
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/15/2017
Vulnerability Publication Date: 5/15/2017
Reference Information
CVE: CVE-2017-2499, CVE-2017-2501, CVE-2017-2502, CVE-2017-2504, CVE-2017-2505, CVE-2017-2507, CVE-2017-2513, CVE-2017-2515, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2521, CVE-2017-2524, CVE-2017-2525, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2549, CVE-2017-6979, CVE-2017-6980, CVE-2017-6984, CVE-2017-6987, CVE-2017-6989, CVE-2017-7003, CVE-2017-7005