| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Sep 2021 14:44:20 -0700 From: product-security-noreply--- via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2021-09-20-3 tvOS 15 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-3 tvOS 15 tvOS 15 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212815. Accessory Manager Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: an anonymous researcher FontParser Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab libexpat Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Preferences Available for: Apple TV 4K and Apple TV HD Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30851: Samuel Groß of Google Project Zero Wi-Fi Available for: Apple TV 4K and Apple TV HD Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. UIKit We would like to acknowledge an anonymous researcher for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI88wACgkQeC9qKD1p rhjopg/+L4N95EZXqBnWjnOmxq1SfqUdthxi9ler2tmjuaADeKRrNsfGSY5sy8Te C6dzHhmaah1PE7rnEAKKajG24odfjj/8kzDQHi4Qa+hSRldkYpr0NJ2xUdzhPrK6 QRZN7adoydN8+ybvigVWjZmFyo4/77+SX8ItuYTTGBu6FRhRynfSi32hcxZgoy/k Y9z59/Ghk8QQ8lRbGj4ewNpBji+9QW5JTzNBckMXlCl1XN9f36nxnh5koOXP1Xt9 fl7v7nzugEFE9qQ96jxJlJ8EtwF7d9EjQY7+XGUyJlz+6dkAf48Y0jiOm8SK5gyh zn8Y69P0QvIF2olzR4gqF/pqVVAu5qQhvStxqtAlbh1/D9Fwg7xGO/1lVR2kN5jP h8EgAV+WvV040WxcPmfjDJLR6VJax3fnZUpFN/kUx52ZNYdQYtHulW0KsHZPaseJ SoQevoUe6E27KLqV/gR36lTfW7cXcfIEyag8Aa6j2vd0vxJiO5kKnNSnpHL+n0ZZ +xce3GA9K/jvNdH1+RbboCVddXXHJCsTKbSqo0e9udVT9D6AAk2ExTE1yFLy/9WT /A8JHODkqGrlssyC/Anwvs4Gk4a+ChXjMOew+BfX7ylT6AtCaGBauXe9xIUSd6Jn OQxdF95DtRvMC/vXsH8/HMicbcrLsUO6lTEvE/HFqTOb7r+iIXU= =4Ewt -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists