Multiple vulnerabilities in Apple tvOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-2492 CVE-2017-2493 CVE-2017-2463 CVE-2017-2475 CVE-2017-2476 CVE-2017-2479 |
| CWE-ID | CWE-79 CWE-200 CWE-416 CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
tvOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU31337
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-2492
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted web site that triggers prototype mishandling. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 10.2.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU31338
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-2493
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207607
https://support.apple.com/HT207617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU31424
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-2463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/97176
https://www.securitytracker.com/id/1038157
https://zerodayinitiative.com/advisories/ZDI-17-241/
https://support.apple.com/HT207599
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207607
https://support.apple.com/HT207617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU31425
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-2475
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via crafted use of frames on a web site. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 10.2.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/97130
https://www.securitytracker.com/id/1038137
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU31426
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-2476
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/97130
https://www.securitytracker.com/id/1038137
https://bugs.chromium.org/p/project-zero/issues/detail?id=1114
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207617
https://www.exploit-db.com/exploits/41814/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Input validation error
EUVDB-ID: #VU31427
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-2479
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 10.0 - 10.1.1
CPE2.3- cpe:2.3:o:apple:tvos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/97176
https://www.securitytracker.com/id/1038157
https://support.apple.com/HT207599
https://support.apple.com/HT207600
https://support.apple.com/HT207601
https://support.apple.com/HT207607
https://support.apple.com/HT207617
https://www.exploit-db.com/exploits/41866/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
