lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 30 Oct 2018 11:58:39 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2018-10-30-5 tvOS 12.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-10-30-5 tvOS 12.1

tvOS 12.1 is now available and addresses the following:

CoreCrypto
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of
Royal Holloway, University of London, and Juraj Somorovsky of Ruhr
University, Bochum

ICU
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4394: an anonymous researcher

IPSec
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2018-4420: Mohamed Ghannam (@_simo36)

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security
Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4419: Mohamed Ghannam (@_simo36)

NetworkExtension
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Connecting to a VPN server may leak DNS queries to a DNS
proxy
Description: A logic issue was addressed with improved state
management.
CVE-2018-4369: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea
CVE-2018-4382: lokihardt of Google Project Zero
CVE-2018-4386: lokihardt of Google Project Zero
CVE-2018-4392: zhunki of 360 ESG Codesafe Team
CVE-2018-4416: lokihardt of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious website may be able to cause a denial of service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe
Team

WiFi
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Certificate Signing
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Security
We would like to acknowledge Marinos Bernitsas of Parachute for their
assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GlRw/7
B26eM0inif5Z1FZpS7IahAaEDjdzKHQ6gfxMn/qk/LlhiiZmh81phm2Xj2wimdEt
5fNLZAsxX7MKkyS3wxdjC7zLRVV0tFkSZ5YsZkYfeIhc4HqEhVtG2suRdlDK0yJV
BCiT4FBfo6l9HvQM+sQEPfe+5ILw74IuAyOfoQWHPCQZccH5BnysEzn+UVqGClgR
+lnCkhgsok5tFg+DzQeZMvkXsW9ddweUTPF26UhjKZbCnhrvBe4QMQRyh+2nY8Vt
UswV3SVzstW6PUtAlY7+TIsDaKgeWUV9DeKsOIDr7orK7cKDR4pr0khwR/k0yLUo
X5Pt4L5zfNGw0ugEIVmT46wSEQJ3RWn9bTUAIyxJBX1x1HN38bJuSHqTgmtMqhO7
JDxXUGIRLYLrye/zopNh2Pa/0hwXjmaJp+YyU2RorUWspK2GIuFHeirxJVRrtfG+
44T7qw68xdWG2oAaUFL026HXwYfuohH992q/dAXOIClBx3uha21ORArQ0IpZkFJe
TqpS+LsC8qA/Q47gWJD7TDDiPfq2d7s8tRf7agjLj++/Roz0uV4MffwZTI5NgoMn
Dn7LHFdvhLoGNYg7pSaAhT2QMIork710EvSi9w+k68PsPWpwLOdpY8vbLqH3XPfe
iLQmRA7I+M2b9RS1V7FpjBEIXmIGJ6JP83ISl74ew3E=
=ifDV
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists