Apple TV < 9.1 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9433
SynopsisThe version of this Apple TV device is not current and is thus unpatched for multiple vulnerabilities.
DescriptionVersions of Apple TV earlier than 9.1 are vulnerable to the following issues :
- A flaw exists within the 'IOAcceleratorFamily' component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with system privileges. (CVE-2015-7109)
- A use-after-free condition is triggered when parsing disk images. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2015-7110)
- A memory corruption vulnerability exists within the 'ASN.1 decoder'. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted certificate. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-7059, CVE-2015-7060, CVE-2015-7061)
- A flaw exists due to the program failing to properly perform authorization checks. This may allow a local attacker to install arbitrary configuration profiles. (CVE-2015-7062)
- A flaw exists within legacy functionality that is triggered in the way Keychain access interacts with the Keychain agent. This may allow a local attacker to spoof as a valid Keychain server. (CVE-2015-7045)
SolutionUpgrade Apple TV to 9.1, or later.