Synopsis
The remote device is affected by multiple vulnerabilities.
Description
According to its banner, the remote Apple TV device is a version prior to 7.2. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities exist in WebKit due to improperly validated user-supplied input.
A remote attacker, using a specially crafted website, can exploit these to execute arbitrary code.
(CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1123, CVE-2015-1124)
- An error exists in the IOKit objects due to improper validation of metadata used by an audio driver, which allows arbitrary code execution. (CVE-2015-1086)
- An XML External Entity (XXE) injection vulnerability exists in the NSXMLParser due to improper handling of XML files, which allows information disclosure.
(CVE-2015-1092)
- An error exists in the IOAcceleratorFamily that allows the kernel memory layout to be disclosed.
(CVE-2015-1094)
- A memory corruption vulnerability exists in the IOHIDFamily API that allows arbitrary code execution.
(CVE-2015-1095)
- An error exists in the IOHIDFamily due to improper bounds checking, which allows the kernel memory layout to be disclosed. (CVE-2015-1096)
- An error exists in the MobileFrameBuffer due to improper bounds checking, which allows the kernel memory layout to be disclosed. (CVE-2015-1097)
- A denial of service vulnerability exists in the setreuid() system call due to a race condition.
(CVE-2015-1099)
- An out-of-bounds memory error exists in the kernel that allows a denial of service attack or information disclosure. (CVE-2015-1100)
- A memory corruption vulnerability exists in the kernel that allows arbitrary code execution. (CVE-2015-1101)
- A denial of service vulnerability exists due to a state inconsistency in the processing of TCP headers, which can only be exploited from an adjacent network.
(CVE-2015-1102)
- A vulnerability exists that allows a man-in-the-middle attacker to redirect traffic via ICMP redirects.
(CVE-2015-1103)
- A security bypass vulnerability exists due to the system treating remote IPv6 packets as local packets, which allows an attacker to bypass network filters.
(CVE-2015-1104)
- A denial of service vulnerability exists due to improper processing of TCP out-of-band data, which allows a denial of service by a remote attacker. (CVE-2015-1105)
- An information disclosure vulnerability exists due to unique identifiers being sent to remote servers when downloading assets for a podcast. (CVE-2015-1110)
- An information disclosure vulnerability exists in the third-party application sandbox that allows hardware identifiers to be accessible by other applications.
(CVE-2015-1114)
- A privilege escalation vulnerability exists in the setreuid() and setregid() system calls due to a failure to drop privileges permanently. (CVE-2015-1117)
- A memory corruption vulnerability exists due to improper bounds checking when processing configuration profiles, which allows a denial of service attack. (CVE-2015-1118)
Solution
Upgrade to Apple TV 7.2 or later. Note that this update is only available for 3rd generation and later models.