| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Sep 2023 14:32:03 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-09-26-2023-9 tvOS 17 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-09-26-2023-9 tvOS 17 tvOS 17 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213936. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Airport Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to read sensitive location information Description: A permissions issue was addressed with improved redaction of sensitive information. CVE-2023-40384: Adam M. App Store Available for: Apple TV HD and Apple TV 4K (all models) Impact: A remote attacker may be able to break out of Web Content sandbox Description: The issue was addressed with improved handling of protocols. CVE-2023-40448: w0wbox Apple Neural Engine Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-40432: Mohamed GHANNAM (@_simo36) CVE-2023-41174: Mohamed GHANNAM (@_simo36) CVE-2023-40409: Ye Zhang (@VAR10CK) of Baidu Security CVE-2023-40412: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-41071: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-40399: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai AuthKit Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security Bluetooth Available for: Apple TV HD and Apple TV 4K (all models) Impact: An attacker in physical proximity can cause a limited out of bounds write Description: The issue was addressed with improved checks. CVE-2023-35984: zer0k bootp Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) CFNetwork Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may fail to enforce App Transport Security Description: The issue was addressed with improved handling of protocols. CVE-2023-38596: Will Brattain at Trail of Bits CoreAnimation Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Dev Tools Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) Game Center Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security GPU Drivers Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling. CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with improved validation. CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军) libpcap Available for: Apple TV HD and Apple TV 4K (all models) Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2023-40400: Sei K. libxpc Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to delete files for which it does not have permission Description: A permissions issue was addressed with additional restrictions. CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) libxpc Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access protected user data Description: An authorization issue was addressed with improved state management. CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) libxslt Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing web content may disclose sensitive information Description: The issue was addressed with improved memory handling. CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security Maps Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing (wojciechregula.blog) MobileStorageMounter Available for: Apple TV HD and Apple TV 4K (all models) Impact: A user may be able to elevate privileges Description: An access issue was addressed with improved access restrictions. CVE-2023-41068: Mickey Jin (@patch1t) Photos Storage Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access edited photos saved to a temporary directory Description: The issue was addressed with improved checks. CVE-2023-40456: Kirin (@Pwnrin) CVE-2023-40520: Kirin (@Pwnrin) Pro Res Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41063: Certik Skyfall Team Sandbox Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved bounds checks. CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit) Simulator Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to gain elevated privileges Description: The issue was addressed with improved checks. CVE-2023-40419: Arsenii Kostromin (0x3c3e) StorageKit Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to read arbitrary files Description: This issue was addressed with improved validation of symlinks. CVE-2023-41968: Mickey Jin (@patch1t), James Hutchins WebKit Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved checks. WebKit Bugzilla: 256551 CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and me Li WebKit Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 239758 CVE-2023-35074: Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37) Additional recognition Airport We would like to acknowledge Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) for their assistance. AppSandbox We would like to acknowledge Kirin (@Pwnrin) for their assistance. Audio We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Bluetooth We would like to acknowledge Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute for their assistance. Control Center We would like to acknowledge Chester van den Bogaard for their assistance. Kernel We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group, 永超 王 for their assistance. libxml2 We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance. libxpc We would like to acknowledge an anonymous researcher for their assistance. libxslt We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security, OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance. NSURL We would like to acknowledge Zhanpeng Zhao (行之) and 糖豆爸爸(@晴天组织) for their assistance. Photos We would like to acknowledge Dawid Pałuska and Kirin (@Pwnrin) for their assistance. Photos Storage We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog) for their assistance. Power Services We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Shortcuts We would like to acknowledge Alfie Cockell Gwinnett, Christian Basting of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies, KRISHAN KANT DWIVEDI, and Matthew Butler for their assistance. Software Update We would like to acknowledge Omar Siman for their assistance. Spotlight We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal, and Dawid Pałuska for their assistance. StorageKit We would like to acknowledge Mickey Jin (@patch1t) for their assistance. WebKit We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, and an anonymous researcher for their assistance. Wi-Fi We would like to acknowledge Wang Yu of Cyberserval for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJoACgkQX+5d1TXa IvpJvw/+OKqntqggqPkx4TXqH+nCchp4wj3KCjmdtULgoYL2BStw+jXAl9Z/Wnyi uhg7YgboJb+jFc2UbYNG/w6Ks4qnh1P/4xwd8KfiGH+u0pblR24DDyNOPA6X+F4c CJ2jfagKi7xOM/Djm0mkrkZ1PeiXkx5k4bBLL+I8ckadCZinecn0tZur0gwAzN/y e113vKgGJDvVn257inJ063d7d+R4gdDNznMq4Mg5+gtbWoz9OZ6gHiTj+u8jwrlh +10ZOBtTHGQ612OptUB2FcyLn439CQhftHlc91L5Am2HsduesB6MBmtiZlfFMaca P8Vur6sh/k34roqaWVW2ljvMkqZMJSocTgjzMsVN87itikXT9ua5HbcInnkCMx+A 8gtOnogY/lsm446Qu0mH0MYAZLSbQ9OYzJor9fax9PV+ysmOGn2SfM2o6DKPXjCE 74+yFAiv+lo3yrr68SQea/PiDxhMt7+i/Ia7vO5gg1HkqANFc0//KC2pObdGSNu6 cWJQUcGqOvU/jqnIO9WLXRnSDdXsRGLJ8xXSAYL8M2FdW5Md/tvQ3/p+/6kwXfnq cXwM/92G0mx1GFeapToP0NCjUwx4ARCw9d1Y+5keZ4gRaVOJzy/96WKzbc5blVGH C5RT/4ty1vpgbCcI8kmDt0WD2nvTnwoNgBaEti/iC3Lzu+M52wA= =Zq9i -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists