-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-4 Apple TV 6.1.2 Apple TV 6.1.2 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Apple TV Available for: Apple TV 2nd generation and later Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaLGAAoJEBcWfLTuOo7tgDkQAISO0VZeghUvKSWSJfPC7mlW g8jGo58zwkZmjNcd0V907jHlK2UdNtHrV9SSvhvrYWhfVezoVrvg1EMciDMtdlxp KHvAiCmiHJbs2NL3qrJSxjBZQfsovs1k0ju1MLAtiPjnNjzRLra01ww+IKjMK3j6 FldfDXFT5Fhag2qcyH4NuI/BNb2rKSxHp7F2A64e3aKR00DKmyOGXpF9fIZes37P OqYWYRKfJ+sXMI8AOP/V++SuZ0SiUhSRKX8nSF0bNu1qpG9TvsBcZOjDigN0JMZg 8aD7be8KBs9vjSuRAG96q0fkf1ePN4MUIpe+uTHE2LJbOphvoKwYoSthfFc8KQ18 x9dVbHNd9Kfhqg5Gf10yr+a6pyxFMjTWEjs3UtDGQw8ZLUdggHtyqZHLVsszNgmA m+LK6sQSWn11uiCu8R0dYwcd0MKwZUM+WrGauO/V7GrhnnbTmI1fRKT6VV583obh e3zFt2zvvIPcC7SCtRp1hMSAqtVEWWUFS++6sfpnWTYfXaN6XZmg3dIjDUp5hKa7 +ilRNeewFKOH/kXm+UWcIwzw3SMSAIsfOKkoDvf0/N7/0MfEyDN3wt5E2mXb3M2B Co5elfxqaJGMwZPBxpdWzUmNHrvVnFwWXn2Bsuo+lah6S/GLRajKnLxiJBJwXZWq HesVEEK6hJjPBlUEY9a5 =b7jD -----END PGP SIGNATURE-----
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail