Apple TV < 5.2 Multiple Vulnerabilities

low Nessus Plugin ID 64456

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Apple TV 2nd generation or later device is running a software version prior to 5.2. It is, therefore, reportedly affected by several vulnerabilities:

- Failure to properly validate the user-mode pointer and length passed to the copyin and copyout functions could allow a user-mode process to directly access kernel memory if the length is smaller than one page. (CVE-2013-0964)

- An out-of-bounds read error in the Broadcom BCM4325 / BCM4329 firmware could allow a remote attacker on the same Wi-Fi network to cause an unexpected system termination by sending a specially crafted RSN (802.11i) information element. (CVE-2012-2619)

Solution

Upgrade to Apple TV 5.2 or later.

See Also

http://www.nessus.org/u?d8ddc219

https://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html

https://www.securityfocus.com/archive/1/525478/30/0/threaded

https://support.apple.com/en-us/HT202672

Plugin Details

Severity: Low

ID: 64456

File Name: appletv_5_2.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 2/4/2013

Updated: 12/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2013-0964

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: www/appletv

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2013

Vulnerability Publication Date: 10/23/2012

Reference Information

CVE: CVE-2012-2619, CVE-2013-0964

BID: 56184, 57595

APPLE-SA: APPLE-SA-2013-01-28-2

CERT: 160027