[<prev] [next>] [day] [month] [year] [list]
Message-id: <D0C1DFBA-CFB5-4776-8774-768D4AC424D9@lists.apple.com>
Date: Tue, 26 Oct 2021 16:29:29 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2021-10-26-7 tvOS 15.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-7 tvOS 15.1
tvOS 15.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212876.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Apple TV 4K and Apple TV HD
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Image Processing
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab
IOMobileFrameBuffer
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Model I/O
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
UIKit
Available for: Apple TV 4K and Apple TV HD
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Additional recognition
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hvQACgkQeC9qKD1p
rhhXoQ//d43gU2jhz9IhEIu+hG6CdDsz/zbhsNWx3gIMwQPGva3Wk9mvJApvL9KJ
Giy8lJ0oXK4xsUNWw8PVEkrXQnxdSk4p5uZ6G3NcKYBojhLYYjQvsLUnSkBANds5
YLxkqFotpLml7ESd4to2pxgvh0HNF5MDmI98kztWOGsjVRzESXsNZohmq35LOzwV
GKw1IOqf0ugJ3DKxTUrkD5WICnE4X4nypFjfug7DEPKPYyMXkB2rhvSfDLN7mdRS
JSbHH3CEfIrtxhIjDXWaZUJdBRR0kTNON95JAzYJRuVbG5mQBCLW6Uy8M0DPVQHh
l5kJo6YguN9xPBEyyQUsa2cTGoG/JrXx/GbLsucWVSmLi7H0ls2MSFlkDcVJPA1O
sa+j6uExuzPQmNgDLs8si0mOtIoHXmtv8Dl+NxVDEPqMFQSt6pVcfd4Vsuo/7p51
z6loqB/sWtskVvn5oglZZelXy8QmF505uXWkUIuK65BSxi3zwVGNvFoVlmonYz9S
jAKKSmuhh2976etA6GmLbMA7NojPCO5ztq9HQmZi4/++onQ9ZCQpcNV5Z3+JdccP
wM9R/3noukXJo2WONVibJO16Gpc+0fqV/Nnx0eRNRQB1KP7dMzUH10/MNxUeW9RB
oRatqenRvmNlVlVl/gxugjYSmTP7ApnAijroaVoajXAwlGIkMTc=
=IYqO
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists