ESB-2014.1060 - [Apple iOS] Apple TV: Multiple vulnerabilities

Date: 01 July 2014
References: ASB-2013.0083  ESB-2013.0994  ASB-2013.0114  ESB-2013.1530  ASB-2014.0057  ESB-2014.0657  ESB-2014.0792  ESB-2014.1058.2  ESB-2014.1057  ESB-2014.1059  
ESB-2014.1880  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1060
                              Apple TV 6.1.2
                                1 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Apple TV
Publisher:        Apple
Operating System: Apple iOS
Impact/Access:    Root Compromise        -- Remote with User Interaction
                  Access Privileged Data -- Remote/Unauthenticated      
                  Denial of Service      -- Remote with User Interaction
                  Reduced Security       -- Existing Account            
Resolution:       Patch/Upgrade
CVE Names:        CVE-2014-1731 CVE-2014-1383 CVE-2014-1382
                  CVE-2014-1368 CVE-2014-1367 CVE-2014-1366
                  CVE-2014-1365 CVE-2014-1364 CVE-2014-1363
                  CVE-2014-1362 CVE-2014-1361 CVE-2014-1359
                  CVE-2014-1358 CVE-2014-1357 CVE-2014-1356
                  CVE-2014-1355 CVE-2014-1343 CVE-2014-1342
                  CVE-2014-1341 CVE-2014-1339 CVE-2014-1338
                  CVE-2014-1337 CVE-2014-1336 CVE-2014-1335
                  CVE-2014-1334 CVE-2014-1333 CVE-2014-1331
                  CVE-2014-1330 CVE-2014-1329 CVE-2014-1327
                  CVE-2014-1326 CVE-2014-1325 CVE-2014-1323
                  CVE-2013-2927 CVE-2013-2875 

Reference:        ASB-2014.0057
                  ESB-2014.1059
                  ESB-2014.1057
                  ESB-2014.0792
                  ESB-2014.0657
                  ASB-2013.0114
                  ASB-2013.0083
                  ESB-2013.1530
                  ESB-2013.0994
                  ESB-2014.1058.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-4 Apple TV 6.1.2

Apple TV 6.1.2 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An application could cause the device to unexpectedly
restart
Description:  A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Two bytes of memory could be disclosed to a remote attacker
Description:  An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An iTunes Store transaction may be completed with
insufficient authorization
Description:  A signed-in user was able to complete an iTunes Store
transaction without providing a valid password when prompted. This
issue was addressed by additional enforcement of purchase
authorization.
CVE-ID
CVE-2014-1383


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----