Apple TV < 7.0.2 Multiple Vulnerabilities

High Nessus Plugin ID 79360

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462)

- A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455)

- A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461)

Solution

Upgrade to Apple TV 7.0.2 or later. Note that this update is only available for 3rd generation and later models.

See Also

https://support.apple.com/en-us/HT204420

https://www.securityfocus.com/archive/1/534005/30/0/threaded

Plugin Details

Severity: High

ID: 79360

File Name: appletv_7_0_2.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2014/11/20

Updated: 2018/11/15

Dependencies: 42825

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: www/appletv

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/11/17

Vulnerability Publication Date: 2014/11/17

Reference Information

CVE: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462

BID: 71136, 71137, 71140, 71142

APPLE-SA: APPLE-SA-2014-11-17-3