===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.2746.2
                                 tvOS 12.4
                              14 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple tvOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Unauthorised Access             -- Console/Physical            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13118 CVE-2019-8698 CVE-2019-8690
                   CVE-2019-8689 CVE-2019-8688 CVE-2019-8687
                   CVE-2019-8686 CVE-2019-8685 CVE-2019-8684
                   CVE-2019-8683 CVE-2019-8681 CVE-2019-8680
                   CVE-2019-8679 CVE-2019-8678 CVE-2019-8677
                   CVE-2019-8676 CVE-2019-8673 CVE-2019-8672
                   CVE-2019-8671 CVE-2019-8669 CVE-2019-8666
                   CVE-2019-8662 CVE-2019-8660 CVE-2019-8658
                   CVE-2019-8657 CVE-2019-8649 CVE-2019-8647
                   CVE-2019-8646 CVE-2019-8644 CVE-2019-8641
                   CVE-2018-16860  

Reference:         ESB-2019.2737
                   ESB-2019.1742

Original Bulletin: 
   https://support.apple.com/en-au/HT210351

Revision History:  August 14 2019: Added CVE-2019-9506
                   July   23 2019: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019

Core Data
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Gross and Natalie Silvanovich of Google Project
Zero

Core Data
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Gross and Natalie Silvanovich of Google Project
Zero

FaceTime
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu

Foundation
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Gross and Natalie Silvanovich of Google Project
Zero

Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst

libxslt
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

Profiles
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to restrict access to
websites
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of
North Carolina State University; Costin Carabas and Razvan Deaconescu
of University POLITEHNICA of Bucharest

Quick Look
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Gross of Google Project
Zero

Siri
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

UIFoundation
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of document loads.
This issue was addressed with improved state management.
CVE-2019-8690: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of synchronous
page loads. This issue was addressed with improved state management.
CVE-2019-8649: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day
Initiative
CVE-2019-8666: Zongming Wang and Zhe Jin from Chengdu
Security Response Center of Qihoo 360 Technology Co. Ltd.
CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
CVE-2019-8671: Apple
CVE-2019-8672: Samuel Gross of Google Project Zero
CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
CVE-2019-8677: Jihui Lu of Tencent KeenLab
CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong
(@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu
(@straight_blast) of VX Browser Exploitation Group, Chris Chan
(@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok
(@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0)
of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of
Venustech
CVE-2019-8679: Jihui Lu of Tencent KeenLab
CVE-2019-8680: Jihui Lu of Tencent KeenLab
CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8683: lokihardt of Google Project Zero
CVE-2019-8684: lokihardt of Google Project Zero
CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech,
Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL,
and Eric Lung (@Khlung1) of VXRL
CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day
Initiative
CVE-2019-8687: Apple
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero

Additional recognition

Game Center
We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of
Alibaba Inc. for their assistance.

MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================