SynopsisThe version of this Apple TV device is not current and is thus unpatched for multiple vulnerabilities.
DescriptionVersions of Apple TV earlier than 9.1 are vulnerable to the following issues :
- A flaw exists within the 'IOAcceleratorFamily' component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with system privileges. (CVE-2015-7109)
- A use-after-free condition is triggered when parsing disk images. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2015-7110)
- A memory corruption vulnerability exists within the 'ASN.1 decoder'. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted certificate. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-7059, CVE-2015-7060, CVE-2015-7061)
- A flaw exists due to the program failing to properly perform authorization checks. This may allow a local attacker to install arbitrary configuration profiles. (CVE-2015-7062)
- A flaw exists within legacy functionality that is triggered in the way Keychain access interacts with the Keychain agent. This may allow a local attacker to spoof as a valid Keychain server. (CVE-2015-7045)
SolutionUpgrade Apple TV to 9.1, or later.