-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016

CFNetwork
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016

CoreCrypto
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016

FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016

IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016

IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016

libxml2
Available for: Apple TV (4th generation)
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016

libxslt
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016

Security
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4730: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a

To check the current version of software, select
"Settings -> General -> About.a

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4YUuAAoJEIOj74w0bLRGEKwQAND90p4tiCZDr5z+T94m4428
e2g+h5c5RtY0tV7j1whSLrPSoX0ez7S9T3p9/O9VoHHKhm8AvE/bqm79tjsi4TwB
oEutlCLTRvq8LeDbIhG5qDsUm+bTfgBfJ+1XCHLVFi2Bbm0fZgi6TbDsSCxLgmZU
DWNfUz24QV1gOMS7rZVQ8Og7tNQsv78CExENnQFgN0dM9XfAn97JgTnwQwzjf9sf
ywbbhVjLOH1NTrevFisZKq8NLbh+keXT8Ek8axyvk2CiVOeWFoRrVtZX03J73iAG
NCCiY1wgKSET91lLyBkneWj4eeHH1kvZ/DExfg7MxTg3N9z7EHSyKF1ON3BqdtBO
hSYpux4K+zN48bgPbgB+O+qy4t4m7mwrz2C4K7gW6whgN6DC/mH6P1qyQv4rXBXv
LGzEjXzMjbb0Ux5xuw81tkFkfMEY2uRlgNaaYO0R86YinMkgOyRYdDbmbK62AReq
DWuiB0o0CJ9ip8YKLuBS7jT5/0uNEp4Nc6s1Y/D4hx/SxIhNRPMRryoEkrFLxG0q
hZBaNeCKa+Vy7S0Tfd8c3x3vUybpaRZjFUlal3cD2hgLiKkxMFIKli+y5rNCG8zH
EbLmWFA8RwaDlEKkKmKD8bASRqw/tILbgJ9E5As0U12h81CJsNPDweQTShaN6Z+B
svyBFoBkuLMo7dSDZ9iW
=y/KT
-----END PGP SIGNATURE-----