===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4629
                                 tvOS 13.3
                             11 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple TV
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Root Compromise                 -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15903 CVE-2019-8848 CVE-2019-8846
                   CVE-2019-8844 CVE-2019-8838 CVE-2019-8836
                   CVE-2019-8835 CVE-2019-8833 CVE-2019-8832
                   CVE-2019-8830 CVE-2019-8828 

Reference:         ESB-2019.4628
                   ESB-2019.4627

Original Bulletin: 
   https://support.apple.com/kb/HT201222

---------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2019-12-10-5 tvOS 13.3

tvOS 13.3 is now available and addresses the following:

CFNetwork Proxies
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team

FaceTime
Available for: Apple TV 4K and Apple TV HD
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8830: Natalie Silvanovich of Google Project Zero

IOUSBDeviceFamily
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8833: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8828: Cim Stordal of Cognite
CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted XML file may lead to disclosure
of user information
Description: This issue was addressed by updating to expat version
2.2.8.
CVE-2019-15903: Joonun Jang

Security
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8832: Insu Yun of SSLab at Georgia Tech

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8835: Anonymous working with Trend Micro's Zero Day
Initiative, Mike Zhang of Pangu Team
CVE-2019-8844: William Bowling (@wcbowling)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8846: Marcin Towalski of Cisco Talos

Additional recognition

Core Data
We would like to acknowledge Natalie Silvanovich of Google Project
Zero for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

---------------------------END INCLUDED TEXT--------------------
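The Apple entries above follow a fixed layout: component name, "Available for:", "Impact:", "Description:", then one "CVE-id: credit" line per finder, with long lines wrapped onto the next line. The following Python is an added example, not part of Apple's or AusCERT's bulletin, that parses that layout into records and builds a CVE-to-component index for matching against vulnerability-scan output; the two sample entries are copied from the bulletin above.

```python
import re

# Constructed sample: two entries copied from the advisory above, in Apple's layout.
SAMPLE = """\
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8828: Cim Stordal of Cognite
CVE-2019-8838: Dr Silvio Cesare of InfoSect

libexpat
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted XML file may lead to disclosure
of user information
Description: This issue was addressed by updating to expat version
2.2.8.
CVE-2019-15903: Joonun Jang
"""
CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,}):\s*(.*)$")
FIELDS = {"Available for:": "available_for", "Impact:": "impact", "Description:": "description"}

def parse_entries(text):
    """Return one dict per blank-line-separated entry. Lines without a 'Key:'
    prefix are wrapped continuations, joined onto the preceding field/credit."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        entry = {"component": lines[0].strip(), "cves": {}}
        target = None  # (dict, key) that receives the next continuation line
        for line in lines[1:]:
            m = CVE_RE.match(line)
            label = next((l for l in FIELDS if line.startswith(l)), None)
            if m:
                target = (entry["cves"], m.group(1))
                entry["cves"][m.group(1)] = m.group(2).strip()
            elif label:
                target = (entry, FIELDS[label])
                entry[FIELDS[label]] = line[len(label):].strip()
            elif target:
                d, k = target
                d[k] = (d[k] + " " + line.strip()).strip()
        entries.append(entry)
    return entries

def cve_index(entries):
    """Map each CVE id to the affected component, for matching scan output."""
    return {cve: e["component"] for e in entries for cve in e["cves"]}
```

Feeding the full included text to `parse_entries` also yields entries for the "APPLE-SA" header and "Additional recognition" blocks, which carry no CVE lines and so drop out of `cve_index`.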

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================