exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2016-09-20-6

Apple Security Advisory 2016-09-20-6
Posted Sep 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-09-20-6 - The tvOS 10 advisory has been released to describe issues relating to memory corruption, code execution, and more.

tags | advisory, code execution
systems | apple
advisories | CVE-2016-4611, CVE-2016-4658, CVE-2016-4702, CVE-2016-4708, CVE-2016-4712, CVE-2016-4718, CVE-2016-4725, CVE-2016-4726, CVE-2016-4728, CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4738, CVE-2016-4753, CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778
SHA-256 | ab45f96469bc940b0ae9cf0757fe1cbccc4121a9a24ef6478e6e25e9f26ebe40

Apple Security Advisory 2016-09-20-6

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016

CFNetwork
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016

CoreCrypto
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016

FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016

IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016

IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016

libxml2
Available for: Apple TV (4th generation)
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016

libxslt
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016

Security
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4730: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a

To check the current version of software, select
"Settings -> General -> About.a

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4YUuAAoJEIOj74w0bLRGEKwQAND90p4tiCZDr5z+T94m4428
e2g+h5c5RtY0tV7j1whSLrPSoX0ez7S9T3p9/O9VoHHKhm8AvE/bqm79tjsi4TwB
oEutlCLTRvq8LeDbIhG5qDsUm+bTfgBfJ+1XCHLVFi2Bbm0fZgi6TbDsSCxLgmZU
DWNfUz24QV1gOMS7rZVQ8Og7tNQsv78CExENnQFgN0dM9XfAn97JgTnwQwzjf9sf
ywbbhVjLOH1NTrevFisZKq8NLbh+keXT8Ek8axyvk2CiVOeWFoRrVtZX03J73iAG
NCCiY1wgKSET91lLyBkneWj4eeHH1kvZ/DExfg7MxTg3N9z7EHSyKF1ON3BqdtBO
hSYpux4K+zN48bgPbgB+O+qy4t4m7mwrz2C4K7gW6whgN6DC/mH6P1qyQv4rXBXv
LGzEjXzMjbb0Ux5xuw81tkFkfMEY2uRlgNaaYO0R86YinMkgOyRYdDbmbK62AReq
DWuiB0o0CJ9ip8YKLuBS7jT5/0uNEp4Nc6s1Y/D4hx/SxIhNRPMRryoEkrFLxG0q
hZBaNeCKa+Vy7S0Tfd8c3x3vUybpaRZjFUlal3cD2hgLiKkxMFIKli+y5rNCG8zH
EbLmWFA8RwaDlEKkKmKD8bASRqw/tILbgJ9E5As0U12h81CJsNPDweQTShaN6Z+B
svyBFoBkuLMo7dSDZ9iW
=y/KT
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close