Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0561 Apple TV 6.1.1 23 April 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apple TV Publisher: Apple Operating System: Apple iOS Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-1713 CVE-2014-1320 CVE-2014-1313 CVE-2014-1312 CVE-2014-1311 CVE-2014-1310 CVE-2014-1309 CVE-2014-1308 CVE-2014-1307 CVE-2014-1305 CVE-2014-1304 CVE-2014-1303 CVE-2014-1302 CVE-2014-1300 CVE-2014-1299 CVE-2014-1298 CVE-2014-1296 CVE-2014-1295 CVE-2013-2871 Reference: ASB-2014.0029 ESB-2014.0560 ESB-2014.0558 ESB-2014.0421 ESB-2014.0381 ASB-2013.0083 ESB-2013.0994 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris Apple TV Available for: Apple TV 2nd generation and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris Appel TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2871 : miaubiz CVE-2014-1298 : Google Chrome Security Team CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative CVE-2014-1302 : Google Chrome Security Team, Apple CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative CVE-2014-1304 : Apple CVE-2014-1305 : Apple CVE-2014-1307 : Google Chrome Security Team CVE-2014-1308 : Google Chrome Security Team CVE-2014-1309 : cloudfuzzer CVE-2014-1310 : Google Chrome Security Team CVE-2014-1311 : Google Chrome Security Team CVE-2014-1312 : Google Chrome Security Team CVE-2014-1313 : Google Chrome Security Team CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVeuDAAoJEPefwLHPlZEwi1gQAKQn8w9zSwYjMTj7wLrucXdc 19j5H2gpJUZOc+banSg49DKorF+rJY7EF+cL2FzYC93aYa4E+LMXNpgl/xbiNKSZ O8RxAGs/6YlgT6iU/kHjx5CX+g4whFBVx56QlPv3CUFGwa1XSv5CdXqjGZANgkHz uTWxI6E2avi5uMUnyAuVcNDaq50rUxkCzSFDvdkCOAhWkeicR0QsYXq82W6mo6p9 rEueQ9KjM8hZEsGc6stBdXCsd7Thk3eHhQS/OasPz8GLUoc213goqmjaSPRQFRlS Ya6YDLtyY0OdL2wNeiSC33EBhoPCjCbyMUFD2iLDZNblMwRa21MhlDXVSOaF03/8 QHeLacDY1+poax0e+VxZukhyDNNXjtOgCkd9kx86/vyinb/GqOKm+6tkaSriusc8 ImWorSbb32EfmSXIGnDL1TzTDES/UigOU6zgwappGH/DS9djHQxVFZ++N+WaVBiX dhFPLNjKB8yWXBnHb95UzKJuWU0h13rkE9FlsGkSGxeZJRGPrvK/K4XAIviqU1yc YePX4MY8yywD4jg74QrsZRLgkfn3N/T5LCsC3KD4ejrIkvLxui3hqRGVOK7Vdssk F43/4FKOXk46s3xIuwlYcLuwCyLyisxrVawAsf8R6ReadKlmch2fJrnG9YqKZwki 74O1bqU5Zc80vDx+/x2O =sFDM - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU1cmCxLndAQH1ShLAQLrkg/+IabDdHuvZzevCxbR+T98phqmKvVaEpY3 YgqRnen4zGNmKwhObjRuRkjyjfpwhq9JYW0DwuBN194bDRy3C3Ytq1TmRG1Bi0h7 cb8thGP3RYN6HxaOgC/+NudWm855j699i5m16PrvscB/A4DKulJvPxYj4AZP8JEm COpdo5bA7NgCf7fxHtdbde7SURfNhJkIB8JGVZbPEKgvi0hpik83mEHRy2OuvJEl lp85Ox/4Tls9MWe8DkGCaGwU2O7PbtWK4mS2sobIEd0zilWe8YmgMR8k2js3KWo7 n9AAmDcilCgPsDGCNYdLbpZcGTr2HkUrwUKbn2DCtkM3op8YXEykGEf++vazw3aN ufRfujesAJwzoza5lfSF9NwqSp7pw5TZMKyeONk3hyO0iGAcD54DtbOqs0Egr3nj YruuaToxy8YLe4TutQJV79cQ49T2CN/64YZzMNlU0/bBAlbrEzIcnyhGoI59u6CP eN2unvX200eXxY4c9afFx3Xn6ZPLxFZ8NjVI9RKy65s1XhEJamE3HsHwR9Xho9ou Vc7zXYXZdn2mrenjyoZYbS8Y3Cwk56jkG7H3XMw2ZoKdchW1kxD33Fn8H2GA2ZJD PXbrb9pabTGoeQVGh7NQx4nWWHZdNkhjiyayrBy1TQTbvDXwTbHjgn+uZxmCdg97 k07RNeQJ4IU= =PbQG -----END PGP SIGNATURE-----