===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2862
                       APPLE-SA-2018-9-24-6 tvOS 12
                             25 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple tvOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Access Privileged Data          -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5383 CVE-2018-4363 CVE-2018-4361
                   CVE-2018-4359 CVE-2018-4358 CVE-2018-4345
                   CVE-2018-4344 CVE-2018-4336 CVE-2018-4328
                   CVE-2018-4323 CVE-2018-4321 CVE-2018-4318
                   CVE-2018-4317 CVE-2018-4316 CVE-2018-4315
                   CVE-2018-4314 CVE-2018-4313 CVE-2018-4312
                   CVE-2018-4309 CVE-2018-4306 CVE-2018-4305
                   CVE-2018-4299 CVE-2018-4197 CVE-2018-4191
                   CVE-2016-1777

Reference:         ASB-2018.0190
                   ASB-2018.0184
                   ESB-2018.2858
                   ESB-2018.1655.2
                   ESB-2016.2961
                   ESB-2016.0748

Original Bulletin:
   https://support.apple.com/en-au/HT209107

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2018-9-24-6 tvOS 12

tvOS 12 addresses the following:

Auto Unlock
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to access local users' Apple IDs
Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363: Ian Beer of Google Project Zero

Safari
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi - Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)

Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2018-4197: Ivan Fratric of Google Project Zero
CVE-2018-4306: Ivan Fratric of Google Project Zero
CVE-2018-4312: Ivan Fratric of Google Project Zero
CVE-2018-4314: Ivan Fratric of Google Project Zero
CVE-2018-4315: Ivan Fratric of Google Project Zero
CVE-2018-4317: Ivan Fratric of Google Project Zero
CVE-2018-4318: Ivan Fratric of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
CVE-2018-4345: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved validation.
CVE-2018-4191: found by OSS-Fuzz

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4299: Samuel Groβ (saelo) working with Trend Micro's Zero Day Initiative
CVE-2018-4323: Ivan Fratric of Google Project Zero
CVE-2018-4328: Ivan Fratric of Google Project Zero
CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative
CVE-2018-4359: Samuel Groß (@5aelo)

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to execute scripts in the context of another website
Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2018-4361: found by Google OSS-Fuzz

Additional recognition

Assets
We would like to acknowledge Brandon Azad for their assistance.

Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.

Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.

SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.

WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vulcan team, and Zach Malone of CA Technologies for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About."

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================