-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-4 tvOS 9.2.2

tvOS 9.2.2 is now available and addresses the following:

CoreGraphics
Available for:  Apple TV (4th generation)
Impact:  A remote attacker may be able to execute arbitrary code
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)

ImageIO
Available for:  Apple TV (4th generation)
Impact:  A remote attacker may be able to execute arbitrary code
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)

ImageIO
Available for:  Apple TV (4th generation)
Impact:  A remote attacker may be able to cause a denial of service
Description:  A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4632 : Evgeny Sidorov of Yandex

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved validation.
CVE-2016-4627 : Ju Zhu of Trend Micro

IOHIDFamily
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved input validation.
CVE-2016-4626 : Stefan Esser of SektionEins

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1863 : Ian Beer of Google Project Zero
CVE-2016-1864 : Ju Zhu of Trend Micro
CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to cause a system denial of service
Description:  A null pointer dereference was addressed through
improved input validation.
CVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent, CESG

libxml2
Available for:  Apple TV (4th generation)
Impact:  Multiple vulnerabilities in libxml2
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4448 : Apple
CVE-2016-4483 : Gustavo Grieco
CVE-2016-4614 : Nick Wellnhofe
CVE-2016-4615 : Nick Wellnhofer
CVE-2016-4616 : Michael Paddon
CVE-2016-4619 : Hanno Boeck

libxml2
Available for:  Apple TV (4th generation)
Impact:  Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description:  An access issue existed in the parsing of maliciously
crafted XML files. This issue was addressed through improved input
validation.
CVE-2016-4449 : Kostya Serebryany

libxslt
Available for:  Apple TV (4th generation)
Impact:  Multiple vulnerabilities in libxslt
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1684 : Nicolas GrA(c)goire
CVE-2016-4607 : Nick Wellnhofer
CVE-2016-4608 : Nicolas GrA(c)goire
CVE-2016-4609 : Nick Wellnhofer
CVE-2016-4610 : Nick Wellnhofer
CVE-2016-4612 : Nicolas GrA(c)goire

Sandbox Profiles
Available for:  Apple TV (4th generation)
Impact:  A local application may be able to access the process list
Description:  An access issue existed with privileged API calls. This
issue was addressed through additional restrictions.
CVE-2016-4594 : Stefan Esser of SektionEins

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to a system
denial of service
Description:  A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4586 : Apple
CVE-2016-4588 : Apple
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day
Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may result in the
disclosure of process memory
Description:  A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4587 : Apple

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may compromise user
information on the file system
Description:  A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4591 : ma.la of LINE Corporation

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may disclose image data from
another website
Description:  A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit Page Loading
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to arbitrary
code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4584 : Chris Vienneau

WebKit Page Loading
Available for:  Apple TV (4th generation)
Impact:  A malicious website may exfiltrate data cross-origin
Description:  A cross-site scripting issue existed in Safari URL
redirection. This issue was addressed through improved URL validation
on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc. (www.mbsd.jp)

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXA+AAoJEIOj74w0bLRGi6IP/2DDPP2Z208nJPL0+a+bMJA4
JUIrF0BM4wyr1Hy/Vb2zN5RkAZYeHwq8Jq9av9qu79Xgan2jcgPRWKSAiztp0BMx
kYPLi6PrpvWiWLHpqkWGnKVK1LmdBQXKrPsCmMJacKJ2TldBMofAiuh3QrjqZ7ud
GVbTB4HkjX2FnpCt25DkUK5Y5oWP8lv4rvB+iTfO/kVGfSMfrTg1HGH3s49+UTHV
GICBGi+L8yftmYaM10a5JjnOCRiIKXa95Kt1CTPrDxFSJG2QBmMBvSGV4qivyf6i
buqAso81LVWnJBIKjj21usJqm6Q1lqtU5MTElfDq0w/uo7oxL/eWB4e8H0lm9Jow
oD+ZepkO0SHQgwNWprMKrEbI/xow1CiYdxj/a8DYSuQicCjPZanQux04MurfmU5Q
YEkzj+oxuzBherHAVwqleHEglDOy6CJx/UCVoxnf0Tcj9FQOTzQ+aUqYMXrM33Yu
zhU4Eai/9PKLLuqQzhgXYqsSnHKu5ojzesunRo09D+Q1jjSyIXvhmUmCXBgDvcls
MfSUjWJJxniqj+C8zFeHuFEbPU70urVmUH7rWSBsRCRhjzwYMAWpPejkT/XDs1qm
SCTElHATr+BfvS0v1E5En2xNKXSodyJL1SaK9rHnkre+40+e0IJJbOQzbQH9MAcJ
ylGAp0etGDWZ40Q5IyH8
=N/Ug
-----END PGP SIGNATURE-----