SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple TV Vendors:   Apple
(Apple Issues Fix for Apple TV) Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Bypass Sandbox Restrictions
SecurityTracker Alert ID:  1030140
SecurityTracker URL:  http://securitytracker.com/id/1030140
CVE Reference:   CVE-2013-2871, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313   (Links to External Site)
Date:  Apr 23 2014
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.1.1
Description:   Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass sandbox controls. Apple TV is affected by some of these vulnerabilities.

A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2013-2871, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313]. The code will run with the privileges of the target user.

A page running code in the WebProcess may be exploit an IPC message processing flaw to bypass sandbox restrictions and read arbitrary files on the target system [CVE-2014-1297].

miaubiz, Ian Beer of Google Project Zero (via HP's Zero Day Initiative), KeenTeam (via HP's Zero Day Initiative), cloudfuzzer, Renata Hodovan of University of Szeged/Samsung Electronics, and Google Chrome Security Team reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass sandbox controls.

Solution:   Apple has issued a fix for CVE-2013-2871, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, and CVE-2014-1313 for Apple TV (6.1.1).

The Apple advisory is available at:

http://support.apple.com/kb/HT6209

Vendor URL:  support.apple.com/kb/HT6181 (Links to External Site)
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Apr 2 2014 Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Bypass Sandbox Restrictions



 Source Message Contents

Subject:  APPLE-SA-2014-04-22-3 Apple TV 6.1.1

--Apple-Mail=_67B801C2-FE49-4C7D-9723-7C759846A115
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

Apple TV 6.1.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker in a privileged network position can obtain web
site credentials
Description:  Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the
connection to close before the security settings were sent, and then
obtain the value of the unprotected cookie. This issue was addressed
by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description:  A set of kernel pointers stored in an IOKit object
could be retrieved from userland. This issue was addressed through
removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description:  In a 'triple handshake' attack, it was possible for an
attacker to establish two connections which had the same encryption
keys and handshake, insert the attacker's data in one connection, and
renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was
changed so that, by default, a renegotiation must present the same
server certificate as was presented in the original connection.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and
Alfredo Pironti of Prosecco at Inria Paris

Appel TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVeuDAAoJEPefwLHPlZEwi1gQAKQn8w9zSwYjMTj7wLrucXdc
19j5H2gpJUZOc+banSg49DKorF+rJY7EF+cL2FzYC93aYa4E+LMXNpgl/xbiNKSZ
O8RxAGs/6YlgT6iU/kHjx5CX+g4whFBVx56QlPv3CUFGwa1XSv5CdXqjGZANgkHz
uTWxI6E2avi5uMUnyAuVcNDaq50rUxkCzSFDvdkCOAhWkeicR0QsYXq82W6mo6p9
rEueQ9KjM8hZEsGc6stBdXCsd7Thk3eHhQS/OasPz8GLUoc213goqmjaSPRQFRlS
Ya6YDLtyY0OdL2wNeiSC33EBhoPCjCbyMUFD2iLDZNblMwRa21MhlDXVSOaF03/8
QHeLacDY1+poax0e+VxZukhyDNNXjtOgCkd9kx86/vyinb/GqOKm+6tkaSriusc8
ImWorSbb32EfmSXIGnDL1TzTDES/UigOU6zgwappGH/DS9djHQxVFZ++N+WaVBiX
dhFPLNjKB8yWXBnHb95UzKJuWU0h13rkE9FlsGkSGxeZJRGPrvK/K4XAIviqU1yc
YePX4MY8yywD4jg74QrsZRLgkfn3N/T5LCsC3KD4ejrIkvLxui3hqRGVOK7Vdssk
F43/4FKOXk46s3xIuwlYcLuwCyLyisxrVawAsf8R6ReadKlmch2fJrnG9YqKZwki
74O1bqU5Zc80vDx+/x2O
=sFDM
-----END PGP SIGNATURE-----


--Apple-Mail=_67B801C2-FE49-4C7D-9723-7C759846A115
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVrGJAAoJEPefwLHPlZEwE48P/iScHWXEcbQRLz47DqxFgd/4
YpvKYneTIDyZxa2ConuCOqkqTjgndtSg31p3jygPRR/3zhBNHtmenuUyiEOan4wS
mWbmD5svsuNhD9s2JtDfYD0vQLyI3aXzpKV+KOGY5ili16lTCUoDBZm5EJsJH4y8
VbjVYLC2obwmnZ1OrDAKy2nXahcTEZ0TNbL5SoWX1DjTLxeMG8IU3DvV1U2aLNwl
KA2L0+cvbne1W4FDD41YVPlRLm1BnZFHg/6AIku824gH7fCKXHgiUSUumwiXmV/v
zZKd3sBhXIKA2kfKodOKXiR0kP8MO+LGRYKICDmmbtavMt1WK3kfFam8sZCSvRuu
YY57g5HtHP43jaHWhFfzMmQWYDRClHSVtKmoF1Quk1B2rW44rMyEabl4puJmu9QL
u3XWuqb4evCgaw0vTZVNPHMtvJPQjpbaSqGmKJa2lW2z/mxPmdcyMmzTmLzdhEBi
kcUJk9JD7B80/dfWZFxDX0SnbrlpVkdT9pibn2zwrUdaaW9ZxCyuBJ9E7EZV6UMc
4z1kVL4bvQt6yFju3QrWzGgwUlOyspZFtZp2sv5BucADc7DEW7Px1YEwByV1XAGb
Giky/PpERQshUawtVPz+l2EkKIO0rBZp0SFEMhC8fDFwnor+odJYHguzlqf+qHfU
V+pmvTwBFVOZJqKWTO6W
=e/lz
-----END PGP SIGNATURE-----

--Apple-Mail=_67B801C2-FE49-4C7D-9723-7C759846A115--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC