-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3183
                      APPLE-SA-2020-09-16-2 tvOS 14.0
                             17 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tvOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account            
                   Reduced Security         -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9979 CVE-2020-9976 CVE-2020-9968
                   CVE-2020-9952  

Reference:         ESB-2020.3181

Original Bulletin: 
   https://support.apple.com/en-ie/HT211843

- --------------------------BEGIN INCLUDED TEXT--------------------

tvOS 14.0

Released September 16, 2020

Assets

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker may be able to misuse a trust relationship to download
malicious content

Description: A trust issue was addressed by removing a legacy API.

CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs

Keyboard

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

Sandbox

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester(@xpn) of TrustedSec

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to a cross site
scripting attack

Description: An input validation issue was addressed with improved input
validation.

CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Additional recognition

Bluetooth

We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

Core Location

We would like to acknowledge Yigit Can YILMAZ (@yilmazcanyigit) for their
assistance.

iAP

We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero for their
assistance.

Location Framework

We would like to acknowledge an anonymous researcher for their assistance.

Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.

Published Date: September 16, 2020

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX2L3BONLKJtyKPYoAQjahQ//UZIyQFFsvS49IQaocRf0TqO2avH+0Jg/
c0GSoPqvT716OrQf9rdCkqy8pXdWVR3Nd24YIESCy145cEO7EX1FZkLNnjrhZhvv
hRYEvwui0oAwK0z4iL+H3XZjcMa/IMs0r+Eox9FbrNlFQQgStMJTL6S5hpetfQcd
tOQ3hPHoGEYySW6bMPnqHO7enaG7TrQepg+m2/qLyu35AxZc+4tV3zWUnmozUUjd
cFmbN2KSiGm5VuziZ9jhVJcr4EvrD6aixvIw0blNH7wV9XsvqlNo0UT7kNHJCwkw
a2Gc7OE9VNrnCjQ+6NM45FHg+gGOPqf40Pb2fvSou5fUIb3D2pexlY/YS8YsLGp3
Jk5ZP9JLnb067JgBFcZme7Lh1bRqeC6v2eKLxixB1ySiCmvpzhP3I5UbglAJyYaj
Hpj1gjbEo9CBidcrGlBB9cnwia1cg4dR7b18DvL+pCWxnxYO+YFon18nFw2OHtoT
PGqITvQUbg9H4qhc+xjaBHZHYREiQG3el7glZJJRHdFlX3Z6j6siTLioGY5F0oX2
6FMAXASJrLkCH6Q+Wfc28aVGMuniRY+dj59wxdGg5IT9tashjZFa6B+gAROHYq2B
mCjzcGGMhCEdIiWc+Vc75feJ+g+bQTBc3n8t2codpvhFuRfKPIwBR+HovXTdA7vK
Ncb9w42Kxts=
=jwS3
-----END PGP SIGNATURE-----