Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3646 tvOS 13 released with security fix 27 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tvOS Publisher: Apple Operating System: Apple iOS Impact/Access: Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-8704 Reference: ESB-2019.3642 Original Bulletin: https://support.apple.com/en-au/HT210604 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: Keyboards Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management. CVE-2019-8704: (wAnyBug.Com) of SAINTSEC Additional recognition Keyboard We would like to acknowledge an anonymous researcher for their assistance. Profiles We would like to acknowledge James Seeley (@Code4iOS) of Shriver Job Corps for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXY1fX2aOgq3Tt24GAQjjAA//T1kTQbNxM5S6ZvtrTx1nd/xlfu1+qdzw 0lMgU0tyivkXewuaWaiIzYNxxgqDRliRi8wEnqLPWVCkgxcqBGmZw2CITT78FJU2 na+vMRKx/44M8bWwwEukb5/HZliZyhsdI/HjFEtW2gEYGeFydHrEN+vTu7d8OdMu lNRt7cyYjZJOBjIuPgLyGiW+J4N3teGz96TJhiRHhOPGfe49T9gRqhjr0tsdveZL rYKnTmvDbVxsW9DJeQ1MPetVfMoWSx+IUcEHnlwpM+Oqd4iIaLBYyCq6H6UnGrXg WbXXEmY7dxwuahGyjqcY8JaljdYc7nOZf7yIrMKmJYnMs6UmQQr8FSyXef8ig3kq FFv6A5rB9og/LUaQLtIoUAFHJ2WBuwNmliHa1Xao0W/5mct/MuVnVGw+HD0p+RfI bKpVMEXsmmLZZueJfCUNNMqDZLCNekbiG1pEMMqWpjoI/+wDqKGwMGINzFqZtK7D LXxA1Fawl7Ky+aLqvrpoks/HeK8CBYWYNRD3XLLAsB6P/UyNfSCCg9dUomvLvKNH sW5zefWiyW5O/vK7bP8W2mZG4TcdwrTgut5vT8F98he1FR4CBjLajh2jMbDRXISM JYao0PRjgVfVQCeqrgOil1jVrURBzQuOQc/k4s2kiMoE9oqnGAdUNfxKc0rYz9pj HT36n5UjE1o= =ZHo9 -----END PGP SIGNATURE-----