ESB-2017.3123 - [Mac] tvOS : Multiple vulnerabilities 2017-12-07

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3123
                      APPLE-SA-2017-12-6-4 tvOS 11.2
                              7 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tvOS
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                -- Existing Account            
                   Access Privileged Data         -- Remote/Unauthenticated      
                   Denial of Service              -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13876 CVE-2017-13869 CVE-2017-13868
                   CVE-2017-13867 CVE-2017-13865 CVE-2017-13862
                   CVE-2017-13861 CVE-2017-13855 CVE-2017-13833
                   CVE-2017-13080  

Reference:         ESB-2017.3120
                   ESB-2017.3121
                   ESB-2017.3122

Original Bulletin: 
   https://support.apple.com/en-au/HT208327

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-6-4 tvOS 11.2

tvOS 11.2 addresses the following:

IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
CVE-2017-13876: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero

Wi-Fi
Available for: Apple TV (4th generation)
Released for Apple TV 4K in tvOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN+kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZUug//
RGywQvg+ks1/IDLXTWLlGUuXJIaAr0Gtkd6iToG+x9GdwwWVkwxMJhS/7GxqRbOt
eg8o81VGO6tWYKh2LIuHTpc7s7/vYT3icFM794ghwsgq7uyPp8nF5AWcT29ne2C/
lV+rcpo/fWExVa5wFCb9lkDzTOStqhDO33zbhrcCs9P5cjCE+aPaSeqdOi50/BlZ
/LmlOIUAPpAr5k5DeuAxO93KzVSFFQF7cT9oH7f+2SVsWyW1+K6QKuKjaeNjA7nk
Ff3vGOCJsHpjnWK2E1JEZUunWwXcoSNhFfLSMQMxaIrZRu02THn4aeCmerzC9mr0
eJDWCijsvnJXBMgeqcdlRmx2aaN//NCUU9vE6Uwpg6whjSb6/s48iyj4Lc/8aKO7
5TEOqMJu3JmzP2dTvVRtxQVfnsgOm/YHw5qHJepG8nHbZCq2GBFRsS1jc7+9PZ81
V206C97GQAlcDQlv1T+oMnwaDJJ0rwfRIeEXQXaTloHUt5sQU3MeBBXH2NL2ZsPD
4bxTz5BPshi07fkqmDXQ3pTxztaorD25l4vt4e1KF20JH4R75ijZWe1HpNMC3UqA
Mi+Lv8Wq2SkS7URBtlT+WxO8S7aZO1SPFBXjtUhwAfc/NHodP4cnyYkacGvYwPhm
5jHu7bnSkO9BmQnCYKSkxMHOrOPxYZjHMUISFC6M4CA=
=OsEg
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWiiD0Yx+lLeg9Ub1AQjAYg/+MYka/zhJA9JjheC0JBmdhy8u69MxDmaJ
8aiivrgFWa24M2UvaJvXO/FV6SSToPaT5e4cB2bD/gRvIAuSLz4qM1Nro5+Ta1t9
dJ8Sh29erBN/tRLREjeqwUq5GmcU+aYZ8E428StTkOk+WKsKMkCSDPvRXnXGwaeZ
vCptOnnZRR7yQ7iMOhgdmYfUeRLfdRcCszn/MgGF6kN+zTL+cyLx0XUNIERHQfZA
VrMOq7Jo4kOoQeJp1m5QhJkOA+3nUqUgUnSq/6Azu6CkUWpENM53TtgAv9PnvTe6
UDxHWBxFfTyTlLqhshmfZGGIiR5MTSPK+JCUh2t6maF9n7xeH7G653xQNCfYwb8C
+/KDDDZZBbWbaKy1WyFlJlGP5dzitHwg0rSRnoGDAQVmjHKU96ppFhLvFA+bZ6Jt
bY6cn8ChG2CVkSdzT7r/NnGHbdlWaaomBKAAmYEmPRobOh55naado3WpHtaGXHxi
aqK7wJ9PvaGqufW6iIJ+BYNldHUNhUqoiaovXDbKltGry0tfQBI5+ElCMQ6OoQWn
C2T9i/GKX391uXc9jI2q4ITacAsFnB1ebxB8KSljD+gxLMD1G3GAwtLsrI+CjtdO
RRbF6UKrJ/UbLQkxQw0e35pQZLRxc+4iSoftprLMZQ8aZO3MSFT39qIcCEUDOS+P
w1x7tZ0WcK4=
=l/NS
-----END PGP SIGNATURE-----

« Back to bulletins