Apple TV < 7.1 Multiple Vulnerabilities (FREAK)

critical Nessus Plugin ID 81790

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Apple TV device is a version prior to 7.1. It is, therefore, affected by the following vulnerabilities :

- A type confusion error exists related to 'IOSurface' and serialized object handling that allow arbitrary code execution. (CVE-2015-1061)

- An error exists in 'MobileStorageMounter' related to developer disk mounting logic and invalid disk image folders that allows a malicious application to create folders in trusted locations. (CVE-2015-1062)

- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-1067)

Solution

Upgrade to Apple TV 7.1 or later. Note that this update is only available for 3rd generation and later models.

See Also

https://support.apple.com/en-us/HT204426

http://www.nessus.org/u?260d1940

https://www.smacktls.com/#freak

Plugin Details

Severity: Critical

ID: 81790

File Name: appletv_7_1.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 3/12/2015

Updated: 11/22/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-1061

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: AppleTV/Version, AppleTV/URL, AppleTV/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 3/9/2015

Vulnerability Publication Date: 3/6/2015

Reference Information

CVE: CVE-2015-1061, CVE-2015-1062, CVE-2015-1067

BID: 73003, 73004, 73009

APPLE-SA: APPLE-SA-2015-03-09-2

CERT: 243585