exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2016-10-24-4

Apple Security Advisory 2016-10-24-4
Posted Oct 24, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-10-24-4 - tvOS 10.0.1 is now available and addresses phishing, information disclosure, code execution, and other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2016-4660, CVE-2016-4664, CVE-2016-4665, CVE-2016-4669, CVE-2016-4673, CVE-2016-4675, CVE-2016-4677, CVE-2016-4679, CVE-2016-4680, CVE-2016-7579
SHA-256 | 8cf97ea4c246c77b3989cfb6cd8004c5f151ea63b3538383ecb66851efa37dd5

Apple Security Advisory 2016-10-24-4

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-24-4 tvOS 10.0.1

tvOS 10.0.1 is now available and addresses the following:

CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime

CoreGraphics
Available for: Apple TV (4th generation)
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent

FontParser
Available for: Apple TV (4th generation)
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral

libarchive
Available for: Apple TV (4th generation)
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd

libxpc
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero

Sandbox Profiles
Available for: Apple TV (4th generation)
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)

Sandbox Profiles
Available for: Apple TV (4th generation)
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)

System Boot
Available for: Apple TV (4th generation)
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYDlqXAAoJEIOj74w0bLRGwQAP/26B6nUbDzR4Pn4DKUtkiFv0
2S1TNH5rpWSPpCkyurVrxpvkr4cR548hYIKPPyMg/YTkNtjhyHHkV7OvZoc6/39U
kScZCJssfzFLmcz6egJZVASTARw0wPIkRHjG8CzjTdZTi6ZVUZ/l0fZtc3aUQ5AY
k+Rd46fJv/LJ17zbvvHPn6rX6ANNbXm1OE7VEqdt9sgZdCb/DKwCjccVBAiwXG7v
LyWUKkKBFy+dAKB5ZAKhij9rNXit/zleBUu738v12j+VKHi6+jKC2YJDOFCdiobo
XrLJWFADrqOWXDUKpz5crTC7yj8t9s2qSht7wetssuS6pntJ2aLj4y1kuFY6r2Wh
g/JflhGmOOwRGRoK8sqrvcCCMz58nUu9PoHieQaWmAkB2YXqXemUHIhi008/gEjA
NVKH8DqAHdPp2Hvlb4PJd19CB400Q1kZ09iNE6chAdbVoCXyE2s6u9Ow7rAz7qnY
oUoV0kMjCwFQ1DBs9yXEZwYX2t+zOMPyunDKDwZeNrSuFlUBXlBeExIMkiPO5duJ
KtwwrXNfiq/ipGywW1T+M+eihLMjpWa7Zz3O9gnUSVP8ckKFb++HOYmJuntVVHrb
k+OOMtrKZ960y5IbYJbb9RrEexLyEyrzNQIHvywXwxs9pxZEtIYC8rN6CzVqkZU3
6a+E5ZIzwGVIy16VDDzq
=V4xd
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close