Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple TV 9.2.x < 9.2.1 Multiple Vulnerabilities

Medium

Synopsis

The version of this Apple TV device is not current and is thus unpatched for multiple vulnerabilities.

Description

Versions of Apple TV 9.2.x earlier than 9.2.1 are vulnerable to the following issues :

- 'Libxml2' contains an out-of-bounds read flaw in the 'xmlParseEndTag2()' function found within 'parser.c'. The vulnerability is triggered when parsing an end tag. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1838) - An out-of-bounds read flaw in the 'xmlNextChar()' function found within 'parserInternals.c' is triggered when parsing characters in an XML file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1833) - An overflow condition exists within the 'htmlParseName()' and 'htmlParseNameComplex()' functions of 'HTMLparser.c'. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1839) - A use-after-free error is triggered when handling 'GraphicsContext' objects in memory. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1859) - A use-after-free error is triggered when handling 'TextTrack' objects in memory. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1856) - A use-after-free condition is triggered as user-supplied input is not properly validated when handling 'ArrayStorage DFG' optimization. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1857)

Solution

Upgrade Apple TV to 9.2.1, or later.