ESB-2018.0239 - [Apple iOS] Apple tvOS: Multiple vulnerabilities 2018-01-24

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0239
        Multiple vulnerabilities have been identified in Apple tvOS
                              24 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple tvOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Existing Account            
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4096 CVE-2018-4095 CVE-2018-4094
                   CVE-2018-4093 CVE-2018-4092 CVE-2018-4090
                   CVE-2018-4089 CVE-2018-4088 CVE-2018-4087
                   CVE-2018-4086 CVE-2018-4085 CVE-2018-4082

Reference:         ESB-2018.0236

Original Bulletin: 
   https://support.apple.com/en-au/HT208462

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-23-4 tvOS 11.2.5

tvOS 11.2.5 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and
Taekyoung Kwon of the Information Security Lab, Yonsei University

Core Bluetooth
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4082: Russ Cox of Google

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero

QuartzCore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
web content. This issue was addressed through improved input
validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day
Initiative

Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling
of name constraints. This issue was addressed through improved trust
evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlpng7kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZBpxAA
prOFNgYdkVj5Qho+Ppw6U/d4xQZKS614VPoD5cfOXR4SxOeDL00LxUkAwMLtIgJm
uZI54DR7zaixBoR8Yms4GN2//TgBjG50wvfpuMQiSDP8LZ4WPcHYI/faDFH43yf7
rLDYYSXv8olAZU6w+sM858zuPjx/C5lqykDIOCPiFIZMY1XpLNhcaEyw0jhUYlYm
t+KLLNyeXAmBRus/rB2WJk8vRYYwBm3Fz2VyKjUVpvc56ZfezmJTT9sfO/2Hbzaw
stduwdsvhGUUpiK/D866xHniJMngTQjOChIjNiP8RG/BaYG/iKejgaVjdOb7ZUsJ
vLbu6ctvg1UOMUHrfIotWOMI3LdJbTbTpjS9kCkLBj+ZO7jE+CKibflph7BDt0ND
Cafdg34DGu2K3bcCL+CMzscWocw0hPkyYWsxuHatJVuXBEfXfFuzioGzU4FHEeDC
tyRH6Fs+divJ23KEssbcieBP2JeA43j/ORjmigZYnAXb4Myge/NT/3eLzrJ9rfbP
J6QyVU6Zv7jzXdxKdzTMPqNH3RFRhK4ukeHUq9S57Oh6oICAXA6mWCJnlLEB0kST
qSunhULsrufCNVJ4KcfOWz5A0wYijbrylmsCSctaHrJs1nkdaZzNTwUZ/IYHP5Le
qApCYj3ugwMg/wpWdqtOYaMYiwglfIxv9xcwpqetH5o=
=7nmT
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWmfRtYx+lLeg9Ub1AQgxvQ//TWXmkVNLlze3xzqEsBYkkveZN6wZVdoS
SVWBfeeV5XtWpfEU6/4AzewyjlZPEq0SXJ9wST57rOP2lyKAOMuufR+zCYq9aRQC
TkJZArZC7JlL3tILUIUj9QhlDqldLELAp8L2yRuV2s6hs6ndYqpx63VnNy8gKz9Z
fZkvgGnuWewu7Py44D1bkRrYGymLExbDmMZgQTSDa48LAMglrgcOhJGFBd9o6snJ
0zSc7Au6OWeD6nwAWCQczCGV1kpMgowtAf2EntuDWDx+evEYhFb4bqsMl6+y9fF9
bpqYOVJyt+hf3jCG9xkm/3VDJAEbWWk+xsFDCc+ycMotuptwCucvW1D/RHUg4mbS
YhCcw4qz4AgebPIWMS89oEoOfJH34t85k1jxxga+n9Jz7i6CkXDimwiyJW/0ArAq
pryWrYKKHepSF3X2Po3IQyJTha/0IDYKBqPTENvkoQmTROUKIYviA7IuJMYm82N+
0QENdEmVerS/CsSErCSUSjJvMckHehDjGcKjdZ2aO4HN99zE0b53iPSwD9o9jXeU
w0q0om63jWm3bBXgSB+QlOqBnkO5D463yoYF5D7SHbvtDWbaiVuJ5nITi+rNhyn2
sdM6yym3zJC+s+FMRZtkYcuQ+m+HLmQkNbO9x3M9UaVSq/f0hvTU57xZWObgPbko
pLaIrHBRdb4=
=MZTk
-----END PGP SIGNATURE-----

« Back to bulletins