-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1420
                      Apple security update for tvOS
                               27 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tvOS
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Existing Account            
                   Reduced Security                -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30661 CVE-2021-30660 CVE-2021-30653
                   CVE-2021-30652 CVE-2021-1885 CVE-2021-1884
                   CVE-2021-1883 CVE-2021-1882 CVE-2021-1881
                   CVE-2021-1875 CVE-2021-1868 CVE-2021-1864
                   CVE-2021-1860 CVE-2021-1858 CVE-2021-1857
                   CVE-2021-1851 CVE-2021-1849 CVE-2021-1846
                   CVE-2021-1844 CVE-2021-1843 CVE-2021-1836
                   CVE-2021-1832 CVE-2021-1826 CVE-2021-1825
                   CVE-2021-1822 CVE-2021-1820 CVE-2021-1817
                   CVE-2021-1816 CVE-2021-1815 CVE-2021-1813
                   CVE-2021-1811 CVE-2021-1809 CVE-2021-1808
                   CVE-2021-1740 CVE-2021-1739 

Reference:         ESB-2021.1408
                   ESB-2021.0827

Original Bulletin: 
   https://support.apple.com/HT212323

Comment: Apple is aware of a report that CVE-2021-30661 arbitrary code execution may have been actively exploited.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-04-26-6 tvOS 14.5

tvOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212323.

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza

Assets
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1836: an anonymous researcher

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360

Foundation
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

Foundation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga

Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)

Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1843: Ye Zhang of Baidu Security

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro

iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett

libxpc
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins

libxslt
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz

MobileInstallation
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs

Preferences
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Tailspin
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1844: Clément Lecigne of Googleâ\x{128}\x{153}s Threat Analysis Group,
Alison Huffman of Microsoft Browser Vulnerability Research

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aonâ\x{128}\x{153}s Cyber Solutions

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher

WebKit Storage
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHQEkACgkQZcsbuWJ6
jjBQqhAAhT6igO2sBsZW1+ecMiDmF9RSncVFfF1tXYcbwY0VdGgmoEYFSegudN1V
k3tdJEIRwT25R7K9359Mz5z/uHHBhZrABuv0tRiTfHobYTxoA/52Hx7WzqioW7EU
lxJsEkBaRqOkuM5PjMa1he6KzlxDpIXmhgz0uZknO135S7JPUcTasRnDuzzk92WP
b8Y62dlIoQ7w38g4xFA7Jg52GnTpYXxacA591ipaqW9Q3AaTCUfQSoRVRuGLZ2rn
4AacIgGnSgXPOCGURkrAxV9yPTxDC8Ug+ctV1pFBc0YKQZ/nugdQkMKxe2mzKKAd
4PaurX3+m5YwKJf5Ma+UUDZVPsSK4exPyKMsrKu0p+pfoeumPuAJydMCWJrELR1p
xvTTxljkMs++snOAiNP9lzKJe6kuU1aqLmzLHqspP2QC8YXJH3VWG9fqcagVSb0R
zqvXI4nicqYJc635OANJy24QS5yzvOovdeJYCiJQaWc7RauLTavOetYZ34kWjjYr
2X1Dj0UdeRK5LCrDMFvlIx6jCQpFbKwfg9D7+1IiPI6bNWNdVFCPsrd59iGdBpj8
NvAGs6afDOo68EK1LLRYcR0EigkcCFZ84oqY40nlfdc9ZN1xeZ3plfbpFDywv4s8
nzTZlUAupV+ZCnrq0VbzskIE67Li6lAR+Bm7LmK3aRvMZaxfcn0=
=iii4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYIec4ONLKJtyKPYoAQhI5A//f3pinT/44bwwu1RSPa2vifD8YPDnsuZc
18BQ5L0yjmFCaOVGhWnDHMRloN5ZX9XaMzB7kdzmH8lcYNmgGLj5dXpA6euGAUDI
cSWzAmPTh/vzuqsij9KwHFigbiY7us76F2EO8dolez9HdOZSO8uunIb8Yl2/awzY
lXk+dA14emdzupQERD7TLieQIlpZr0H5nfFZmISUl4pYBALB1pJIu/Z0dGC6gp6K
te0bjBJCERrnzpySkvBwsSLY2DVjvVrvmNVmT+aPDohk5aK2TdKcpZRucnQW4LtT
AaehXmIyEwXERJghXhJ2OW45MGNhw1I8KB1wTxBYJk+0zKADjQgeLVWeKDBjQ1V3
DoW0dxYsINlLzV8smt9lmlZosTUjGsm9B5QZXQ7ceAVWwsxJQZYkl94hpDZkEvxw
ZovlqqhTJAvVJgBXmJwZGaD4r9/+fc4U8irDfkaExYRLC26W6fMqQaBdLUdUwyvW
qOU8QS0zp7cKyxghuHaQrK3E/IFoq6ZxCA1BgX56dcl/tT6fQ3iPEhas28LGW++N
QERM/DZbRf0t5gll3TGD1ZGRKOCWSo42xTx3Gsu9Tux9uYB4KtGvqzwe5BVvk824
FwhEiEFuGK5JDftxXyi0t7C0Ss+JaiDmFhJ1nc11PdmClUMA6HQoohpXGhTZYhKb
gmWrCeurWRw=
=AmO/
-----END PGP SIGNATURE-----