According to its banner, the version of Apple TV on the remote device is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in WebKit when handling the location     attribute that allows an unauthenticated, remote     attacker to bypass the cross-origin policies and     disclose sensitive user information. (CVE-2016-4613)

  - An out-of-bounds read error exists in the FontParser     component when handling specially crafted font files     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2016-4660)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of photo     directories. (CVE-2016-4664)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of audio     recordings. (CVE-2016-4665)

  - Multiple memory corruption issues exist in Webkit due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these to     execute arbitrary code. (CVE-2016-4666, CVE-2016-4677,     CVE-2016-7578)

  - Multiple unspecified flaws exist in the System Boot     component, within MIG generated code, due to improper     validation of input. A local attacker can exploit these     to terminate the system or execute arbitrary code with     elevated privileges. (CVE-2016-4669)

  - A memory corruption issue exists in the CoreGraphics     component when handling specially crafted JPEG files. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-4673)

  - An unspecified logic issue exists in libxpc that allows     a local attacker to execute arbitrary code with root     privileges. (CVE-2016-4675)

  - A flaw exists in libarchive due to improper path     validation when creating temporary files during archive     extraction. An unauthenticated, remote attacker can     exploit this, via a symlink attack, to overwrite     arbitrary files. (CVE-2016-4679)

  - An unspecified flaw exists in the Kernel component due     to improper sanitization of input. A local attacker can     exploit this to disclose kernel memory contents.
    (CVE-2016-4680)

  - An overflow condition exists in the FontParser component     due to improper validation when parsing font files. An     unauthenticated, remote attacker can exploit this to     cause a buffer overflow, resulting in a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-4688)

  - A flaw exists in the CFNetwork Proxies component when     handling proxy credentials that allows a     man-in-the-middle attacker to disclose sensitive user     information. (CVE-2016-7579)

  - A flaw exists in the AppleMobileFileIntegrity component     due to improper validation of code signatures. A local     attacker can exploit this to have a signed executable     substitute code with the same team ID. (CVE-2016-7584)

  - Multiple race conditions exist in various IOKit drivers     related to how they use task struct pointers. A local     attacker can exploit this to execute arbitrary code with     kernel-level privileges. (CVE-2016-7613)

Note that only 4th generation models are affected by these vulnerabilities.

Detections

Analytics

Apple TV < 10.0.1 Multiple Vulnerabilities

high Nessus Plugin ID 94337

Version 1.11