Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.7
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities:
- An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722)
- Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725)
- A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167)
- Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution. (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)
- A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution. (CVE-2012-3726)
- An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution. (CVE-2012-1173)
- A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution. (CVE-2011-4599)
- Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution. (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919)
- Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution. (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)
Solution
Upgrade the Apple TV to iOS 5.1 or later.