ESB-2017.2768 - [Apple iOS] Apple TV: Multiple vulnerabilities 2017-11-01

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2768
                                 tvOS 11.1
                              1 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple TV
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                -- Remote with User Interaction
                   Access Privileged Data         -- Remote/Unauthenticated      
                   Modify Arbitrary Files         -- Remote with User Interaction
                   Denial of Service              -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13849 CVE-2017-13804 CVE-2017-13803
                   CVE-2017-13802 CVE-2017-13799 CVE-2017-13798
                   CVE-2017-13796 CVE-2017-13795 CVE-2017-13794
                   CVE-2017-13793 CVE-2017-13792 CVE-2017-13791
                   CVE-2017-13788 CVE-2017-13785 CVE-2017-13784
                   CVE-2017-13783 CVE-2017-13080 

Reference:         ESB-2017.2638
                   ESB-2017.2620
                   ESB-2017.2600
                   ESB-2017.2599

Original Bulletin: 
   https://support.apple.com/en-au/HT208219

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-3 tvOS 11.1

tvOS 11.1 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-13849: Ro of SavSec

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13799: an anonymous researcher

StreamingZip
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious zip file may be able modify restricted areas of
the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-13785: Ivan Fratric of Google Project Zero
CVE-2017-13784: Ivan Fratric of Google Project Zero
CVE-2017-13783: Ivan Fratric of Google Project Zero
CVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-13798: Ivan Fratric of Google Project Zero
CVE-2017-13795: Ivan Fratric of Google Project Zero
CVE-2017-13802: Ivan Fratric of Google Project Zero
CVE-2017-13792: Ivan Fratric of Google Project Zero
CVE-2017-13794: Ivan Fratric of Google Project Zero
CVE-2017-13791: Ivan Fratric of Google Project Zero
CVE-2017-13796: Ivan Fratric of Google Project Zero
CVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day
Initiative
CVE-2017-13803: chenqin (é\x{153}\x{136}é\x{146}¦) of Ant-financial Light-Year Security

Wi-Fi
Available for: Apple TV 4K
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u78pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYANRAA
mwauLif6cLmTRZf4ENKJUA1oMP5xVnua/W8eG3Pb5/7InUls4m3chSI0uCzcGD4w
Z4wVG/2ONKfHU/xjAB/IJcnBphQUsJyKyYp+mMDJHt5HJPW1gpyzdKoSmy3plFPM
Pghs6v5DaG1vF9s+zqNrnBQwX0Juqwo87CBcDfg5862p5gxWocpSsLGZ0DZ9sErn
eMkD/jTG9H4XYsI7T34DvDzCdFsFWGPPN6nWb9Vb0tcW4D/1WSaxJKJApXdJU6yz
Fj6W7CnFOkw7SSA1qb2xl7FyVN4mzxRTRF0f8IsCQfzI7kLpNJ6rIFX0kca8FVYM
ORzOLigK4eUuEeuCRV32yZuvxDF/2st3TzmFs0XKnzzd9MTIsqZogh/cv7v3MCUd
FBhfEiANx86AO6OZ5VtTzqLbchm3Dws15s6G94Cmj/epuGgHYpnKnJewlpX/pVW+
QSJ+QY/q9ucjd9pnDbcutt8gfY0NCLlyjix5i0I/zAm1LhqGJJAmh1nAziiIPfzl
BwI+awHCJMn9MTI56vrNsyfMIdd2X7Cux5OxEmr0sMkjAYdf3HVXA8fMb7tzukRT
br+WwVWAskuJCC2PiYHcGz1x7GTzZBWXPJ6/U1K+PsUSfN/nQKdh2U3L7ivVfRWi
sB8o+ec+qJeAoT41wLeCb67PgvFF//Gul8g5eh68wCI=
=255g
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWflkz4x+lLeg9Ub1AQjfxg//cobB4dw2zG8UP+ByaNj5gi/RFVgQB0ds
RCu2nme6JzjVm/TyZjXRqToDj+3jzz3AXes/TMj+bnHeRa9m2joWj5TDZmVJqEP1
aSEvDvng1BB5zlIfr4zhBwDHOMU2ovAJOqUforJWhp3Nr+Kvf/7LStA44+0WsQNZ
4A9zfAt+7w+qQNqzekITkFUuHAAqd0imH+U3f+wc4Llp1+hgAE6cCybwlEXvzeej
ZgFF9vcSCV+N+3/WQxQIbl4ukZlBJfprTrDSV8oGTtCfZGEKSrAPaz/Pg3uvyst5
8BsT//fVXyKx9x8G2jfv+G+ewH26TFt+9n5W35n+D3rm6cjxuZPkxys58HxanBjE
M7utXteJxOEGynHx29kCoG9KbSxp197z+vnjbQRB11FUq3CnGexn/VdADt58N1wt
Bvzof54hPHXWUzFoZGvF1p79pgI5h2bulBlU9Gq7X0/lG+rODua5KFkaHX9Mn8a5
gCkTbVKKXSJRkmX8mcEP5v74cba58J0pMxf59pRn0cde2hXG9sL571iTl+o/fB9C
xdx/Vn+5ewi0yzoNPOgG9wZDBC3TP5jWnTHm/s+PXPjkfjHZ5yu9SSuJO8aGvYBf
ID6rVRL+JGQyEiCdVGOClmnx9ZoChzQ6xOxv4KrFdlv+RyUb88OEbGVPYEFT5x5Y
yfbZyeIi7e0=
=0RPT
-----END PGP SIGNATURE-----

« Back to bulletins