Apple TV < 5.1 Multiple Vulnerabilities

High Nessus Plugin ID 62357


The remote device is affected by multiple vulnerabilities.


According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities :

- An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722)

- Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725)

- A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167)

- Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution.
(CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)

- A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution.

- An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution.

- A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution.

- Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution.
(CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919)

- Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution.
(CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)


Upgrade the Apple TV to iOS 5.1 or later.

See Also

Plugin Details

Severity: High

ID: 62357

File Name: appletv_5_1.nasl

Version: $Revision: 1.16 $

Type: remote

Published: 2012/09/27

Modified: 2016/05/19

Dependencies: 42825

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: www/appletv

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/09/24

Vulnerability Publication Date: 2011/03/21

Reference Information

CVE: CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2011-3919, CVE-2011-4599, CVE-2012-0682, CVE-2012-0683, CVE-2012-1173, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3678, CVE-2012-3679, CVE-2012-3722, CVE-2012-3725, CVE-2012-3726

BID: 46951, 48056, 49279, 49658, 49744, 51006, 51300, 52049, 52830, 52891, 54680, 56264, 56268, 56273

OSVDB: 71256, 73248, 74695, 75560, 75676, 77698, 78148, 79294, 80822, 81025, 84140, 84141, 84142, 84143, 84193, 84194, 84211, 84212, 85628, 85635, 85649

APPLE-SA: APPLE-SA-2012-09-24-1