2016-01-26
Nyhet

Säkerhetshål fixade i tvOS 9.1.1

Gott om säkerhetshål fixade:

Disk Images
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with kernel privileges
Description:  A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

IOHIDFamily
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with kernel privileges
Description:  A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero

IOKit
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with kernel privileges
Description:  A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend
Micro

libxslt
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted XML may lead to arbitrary code execution
Description:  A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor

syslog
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with root privileges.
Description:  A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1724 : Apple
CVE-2016-1727 : Apple

Intressant hur många av dessa säkerhetshål som inte upptäckts av Apple själva, som det så ofta är med både OS X, iOS och numera också tvOS.


Macpro är annonsfri för att göra din läsupplevelse bättre.
Läs mer här om hur du hjälper Macpro förbli annonsfri

© 2004 - 2016 Joacim Melin