Apple TV < 10.1.1 Multiple Vulnerabilities

High Nessus Plugin ID 96877

Synopsis

The remote Apple TV device is affected by multiple vulnerabilities.

Description

According to its banner, the version of Apple TV on the remote device is prior to 10.1.1. It is, therefore, affected by multiple vulnerabilities :

- A stack-based buffer overflow condition exists in libarchive in the bsdtar_expand_char() function within file util.c due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-8687)

- A prototype access flaw exists in WebKit when handling exceptions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose cross-origin data. (CVE-2017-2350)

- A type confusion error exists in WebKit when handling SearchInputType objects due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary code. (CVE-2017-2354)

- An unspecified memory initialization flaw exists in WebKit that allows an unauthenticated, remote attacker to execute arbitrary code via specially crafted web content. (CVE-2017-2355)

- Multiple memory corruption issues exist in WebKit due to improper validation of certain unspecified input. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to execute arbitrary code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2369, CVE-2017-2373)

- A use-after-free error exists in the host_self_trap mach trap. A local attacker can exploit this, via a specially crafted application, to dereference already freed memory and thereby execute arbitrary code with kernel privileges. (CVE-2017-2360)

- A flaw exists in WebKit when handling page loading due to improper validation of certain unspecified input.
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose cross-origin data. (CVE-2017-2363)

- A flaw exists in WebKit when handling variables due to improper validation of certain unspecified input.
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose cross-origin data. (CVE-2017-2365)

- A heap buffer overflow condition exists in the mach_voucher_extract_attr_recipe_trap() function due to improper validation of certain unspecified input. A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-2370)

Note that only 4th generation models are affected by these vulnerabilities.

Solution

Upgrade to Apple TV version 10.1.1 or later. Note that this update is only available for 4th generation models.

See Also

https://support.apple.com/en-us/HT207485

http://www.nessus.org/u?f1c5d4b2

Plugin Details

Severity: High

ID: 96877

File Name: appletv_10_1_1.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 2017/01/30

Updated: 2018/12/14

Dependencies: 93741

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2017-2370

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Required KB Items: AppleTV/Version, AppleTV/Model, AppleTV/URL, AppleTV/Port

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/23

Vulnerability Publication Date: 2016/09/11

Reference Information

CVE: CVE-2016-8687, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2360, CVE-2017-2362, CVE-2017-2363, CVE-2017-2365, CVE-2017-2369, CVE-2017-2370, CVE-2017-2373

BID: 93781, 95727, 95728, 95729, 95731, 95736

APPLE-SA: APPLE-SA-2017-01-23-4