[<prev] [next>] [day] [month] [year] [list]
Message-id: <A953021D-4BE9-4D9A-BCA7-84FB50B4C82F@lists.apple.com>
Date: Tue, 26 May 2020 17:23:52 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
<security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-2020-05-26-4 tvOS 13.4.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-4 tvOS 13.4.5
tvOS 13.4.5 addresses the following:
Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Python
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
zsh
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Luke Walker of Manchester Metropolitan
University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7eAAoJEAc+Lhnt8tDNGUEQAIqcHvrOcVu90wELj4q9d2Z/
LwyOmEKZu0s5QO5d2XuusXQig7etS+hQg4y4IEBc6+FbeHQ6geksjn4CEs0y1hs2
cIQHtXqOes5QRZx4joMGqC6rsS2U+DoSxtsxyKDrzhWCBJdz18JXG/5AdLQn9Zo4
QvUVVwNX61QiFGlUd5lL9QZWrh+FBxgilex7H9YpCVSzcTN5xcbe48zVjhpU/UFn
KKKRK15aTzGqhmJ1zhvYUVLal4tfWV52QzWNbUW2UlPGxFORNpYKXCmQILk8eQGj
FqIIjGrVcGYPnCDKbMfh24rEilYMzhDrQNg06uokgilPAUXC937lI88+G56Ayl9n
ABOK/i04ni1FrmGkwRf/VEW6WV7k3bpXi5UTUZZCplfk19PoH8MIk1wUZ8AzActr
lxK5DeHPKAG5Pl3dzkqKT8lQ/9aSozken7yQNz7AIo5Ib1ik88er4uu/SjV5CRka
e0t8tkoL8MLIpMqUUpt7j+HgqB/R8VBQ6lBK0Jds2NI84XWXRTHF7UeeVo/BYoTj
gdUqhL1B3vdIizxSemmbx70wVoHLU//JONHLJNE6dfGdNWeKHcqKfzZPbXo/4Hq/
ZDNj/cDOJTmChYqvG/Qi7AHlKACWpYMNnRsa6hMt99z24hdvPg2LP4ANf7Gi6Sq6
CnECyJL8Va3625vOipPF
=ceKY
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists