lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <3BF2B23E-D87A-4C0E-BFC4-0ADACAC8B875@apple.com>
Date: Mon, 26 Aug 2019 10:46:35 -0700
From: Akila Srinivasan via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-8-26-3 tvOS 12.4.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-8-26-3 tvOS 12.4.1

tvOS 12.4.1 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel
We would like to acknowledge @Pwn20wnd for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl1kFfgACgkQBz4uGe3y
0M3LxxAAhd3dNmgTWTjyWFi43axxWCPBHVudzGWrMFACG4l9025YmqW/A73kO9Jo
j/jEonLUCXzJCzc9bb5t/Mem5Ti1wpHM/HpZ8lpubCU07T4old5N6cAcwVg95YMC
U8xnKBucXTuf3CXk9FUUamDj5RPm9jTzgSQpDvwytMoKjXkaXdN1dTZB4MxTLHg5
tBFTMiIcw7IuI7+DYExTbe71ScLT+JCuShoI9b666B0OjiaBC5mNSj1VJTC5583J
MwgoFK/KP/5T9uIXOqz+sjvcDlTOL6Y6sR78kEwggHTQT1NyAxlck+ht3e9oZzqG
cqe6fJnduYPm4bHJpx2SYqzPrf+2xKzYm0up/thuiQ4SxixsUbC1uljec/zkm4e4
v3jxGYtsckbfjQjRCvXIWKDmtqDPqA0dvRGkNEO+oEsP0YoY1a3SFpgVbq1Cpm89
RkR+/XRa51LQ7+/2xxrHrOeIyJUcm+RRiaME+79umJ8kuNuAlVtqIyqLBqaT5hyd
jteN6pQz2wKHuiectT5AUSQVNNIcFkeEPl6/o4SOeqokQ8zCYSoWn4jAo3U+cpg3
PpYSKrL+fOEGaa82oAUKaEJvOuMM85CTNVmsioMfaPRPSs5K2+4AXshAzckHpNcn
I5ps+5DrSU8qWG/NodcryDArxIchO8aBTSH9DkUVGBeN6L4+E+A=
=U5HO
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ