Detections
Analytics

Apple TV 9.2.x < 9.2.1 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9431

Synopsis

The version of this Apple TV device is not current and is thus unpatched for multiple vulnerabilities.

Description

Versions of Apple TV 9.2.x earlier than 9.2.1 are vulnerable to the following issues :

 - 'Libxml2' contains an out-of-bounds read flaw in the 'xmlParseEndTag2()' function found within 'parser.c'. The vulnerability is triggered when parsing an end tag. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1838)
 - An out-of-bounds read flaw in the 'xmlNextChar()' function found within 'parserInternals.c' is triggered when parsing characters in an XML file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1833)
 - An overflow condition exists within the 'htmlParseName()' and 'htmlParseNameComplex()' functions of 'HTMLparser.c'. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1839)
 - A use-after-free error is triggered when handling 'GraphicsContext' objects in memory. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1859)
 - A use-after-free error is triggered when handling 'TextTrack' objects in memory. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1856)
 - A use-after-free condition is triggered as user-supplied input is not properly validated when handling 'ArrayStorage DFG' optimization. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code. (CVE-2016-1857)

Solution

Upgrade Apple TV to 9.2.1, or later.

See Also

https://support.apple.com/en-us/HT206567

https://support.apple.com/en-us/HT206568

https://support.apple.com/en-us/HT206564

https://support.apple.com/en-us/HT206566

Plugin Details

Severity: Medium

ID: 9431

Published: 7/25/2016

Updated: 3/6/2019

Nessus ID: 91311

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_tv

Patch Publication Date: 5/23/2016

Vulnerability Publication Date: 11/24/2015

Reference Information

CVE: CVE-2016-1833, CVE-2016-1838, CVE-2016-1839, CVE-2016-1856, CVE-2016-1857, CVE-2016-1859

BID: 78735