On 24 Jan 2018, at 7:46 am, Apple Product Security <product-security-noreply@lists.apple.com> wrote:
APPLE-SA-2018-1-23-4 tvOS 11.2.5
tvOS 11.2.5 is now available and addresses the following:
Audio
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University

Core Bluetooth
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4082: Russ Cox of Google

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero

QuartzCore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative

Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/