SB2017120704 - Multiple vulnerabilities in Apple TV

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017120704

SB2017120704 - Multiple vulnerabilities in Apple TV

Published: December 7, 2017

Security Bulletin ID SB2017120704
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2017-13833)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read in the kernel component. A local attacker can use a specially crafted application, trigger out-of-bounds read error and read arbitrary files.

2) Memory corruption (CVE-ID: CVE-2017-13855)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory handling error in the kernel component. A local attacker can use a specially crafted application, trigger memory handling error and read arbitrary files.

3) Memory corruption (CVE-ID: CVE-2017-13861)

The vulnerability allows a local attacker to execute arbitrary code o the target system.

The weakness exists due to boundary error in IOSurface. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.


4) Memory corruption (CVE-ID: CVE-2017-13862)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Improper input validation (CVE-ID: CVE-2017-13865)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

6) Memory corruption (CVE-ID: CVE-2017-13867)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Improper input validation (CVE-ID: CVE-2017-13868)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

8) Improper input validation (CVE-ID: CVE-2017-13869)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

9) Memory corruption (CVE-ID: CVE-2017-13876)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References