Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple TV < 7.0.4 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple TV patch update.

Description

According to its banner, the remote Apple TV device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- There is a flaw in the way that the IOSurface component handles "type confusion" which would allow a remote attacker to execute arbitrary code as a privileged user. (CVE-2015-1061) - The MobileStorageMounter component allows attackers to create arbitrary filesystem locations. (CVE-2015-1062) - The Secure Transport component allows remote attackers to downgrade the encryption cipher. (CVE-2015-1067)

Solution

Upgrade to Apple TV 7.0.4 or later.