| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Sep 2020 14:54:37 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2020-09-16-2 tvOS 14.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 is now available and addresses the following: Assets Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs Keyboard Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester(@xpn) of TrustedSec WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) Additional recognition Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. iBoot We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Location Framework We would like to acknowledge an anonymous researcher for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igrwACgkQZcsbuWJ6 jjC20Q//btHc0XNdZu1M133Uqeckujc3BdhVhImPTm4brg/OExquRj5vBKU+XsR0 vv439zYv3cJcxWPZIFoS3sHvm7B+PmGmBbgkhxwfRjejW93jBND9YjEywLfZchlB 07FuHf2eBbkURtxZ0sSPJ8zOMeAliIhFsjcstrPm2IqSNmtK2TUFCbAB7keZo2Zy V5e9Zrktnmv4O024gTKKcFIJK7cmZNu7DSMxoKcarRemk6uAyRoOrixnlo7SWR68 Tik1TmSt86GzsaXtmxwFIywGa/Im95/gj0C1cCwkJVi/xwf+nWq0H5hhWCqOHJdx hvjhVKizxZvmOewjO1wDNCZs5MdeRKs+GntG+2Qg7aCVWkz3fFVDGFo+2AIaGrq2 WjxtyQZHVLrGsg8+K5bxfB0cmcUyVJWS2hvM/vFn71ZUbC9OmINpHHqxyUqQ0yNu O9QBC4crSyO9EQzrYJJjMlphWxYd4cQFQ+pinSy0P+Y0dev12qvWxC+aZiIOQ4rV +bcgh9U4HfrF6sp0sZ/2wRmDLvQjxPJvdqhpjvrRRY2b9ohTQKqEw1P7RKEbMkZw H4q/7H+5K7Z9nw388uhWxr6dRVVzz2jLzgefUetO6RlI5y0xeMqH8UwIAauQ62Gz 3p2iaZF84VNSETWDJXeAjRgbkSFIxnJERbnxntsLolb8BoWTsg0= =TS1A -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists