Apple TV Multiple Vulnerabilities
Last Update Date:
12 Mar 2014 12:33
Release Date:
12 Mar 2014
3838
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Apple TV, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.
- An error exists when handling code signature validation of text relocation instructions in dynamic libraries within the dyld component, which can be exploited to bypass certain code signing requirements.
- An error exists when handling JPEG2000 images in PDF files within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted PDF file.
- An error related to libtiff exists within the ImageIO component.
- An error related to libjpeg exists within the ImageIO component.
- An error exists when handling USB messages within the USB Host component, which can be exploited to cause memory corruption.
- Multiple unspecified errors within the WebKit component can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #2, #3, #5 and #6 may allow execution of arbitrary code.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Versions prior to 6.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 6.1
Vulnerability Identifier
- CVE-2012-2088
- CVE-2013-2909
- CVE-2013-2926
- CVE-2013-2928
- CVE-2013-5196
- CVE-2013-5197
- CVE-2013-5198
- CVE-2013-5199
- CVE-2013-5225
- CVE-2013-5228
- CVE-2013-6625
- CVE-2013-6629
- CVE-2013-6635
- CVE-2014-1269
- CVE-2014-1270
- CVE-2014-1273
- CVE-2014-1275
- CVE-2014-1287
- CVE-2014-1289
- CVE-2014-1290
- CVE-2014-1291
- CVE-2014-1292
- CVE-2014-1293
- CVE-2014-1294
Source
Related Link
Share with