About the security content of Apple TV 7

This document describes the security content of Apple TV 7.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

Apple TV 7

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: An attacker can obtain WiFi credentials

    Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by removing support for LEAP.

    CVE-ID

    CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: An attacker with access to an device may access sensitive user information from logs

    Description: Sensitive user information was logged. This issue was addressed by logging less information.

    CVE-ID

    CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: An attacker with a privileged network position may be able to cause a device to think that it is up to date even when it is not

    Description: A validation issue existed in the handling of update check responses. Spoofed dates from Last-Modified response headers set to future dates were used for If-Modified-Since checks in subsequent update requests. This issue was addressed by validation of the Last-Modified header.

    CVE-ID

    CVE-2014-4383 : Raul Siles of DinoSec

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure

    Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: An application may cause an unexpected system termination

    Description: A null pointer dereference existed in the handling of IOAcceleratorFamily API arguments. This issue was addressed through improved validation of IOAcceleratorFamily API arguments.

    CVE-ID

    CVE-2014-4369 : Catherine aka winocm and Cererdlong of Alibaba Mobile Security Team

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: The device may unexpectedly restart

    Description: A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed by improved error handling.

    CVE-ID

    CVE-2014-4373 : cunzhang from Adlab of Venustech

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to read kernel pointers, which can be used to bypass kernel address space layout randomization

    Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4379 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4404 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.

    CVE-ID

    CVE-2014-4405 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: An out-of-bounds write issue existed in the IOHIDFamily kernel extension. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4380 : cunzhang from Adlab of Venustech

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to read uninitialized data from kernel memory

    Description: An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization

    CVE-ID

    CVE-2014-4407 : @PanguTeam

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.

    CVE-ID

    CVE-2014-4418 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.

    CVE-ID

    CVE-2014-4388 : @PanguTeam

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.

    CVE-ID

    CVE-2014-4389 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A local user may be able to determine kernel memory layout

    Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.

    CVE-ID

    CVE-2014-4371 : Fermin J. Serna of the Google Security Team

    CVE-2014-4419 : Fermin J. Serna of the Google Security Team

    CVE-2014-4420 : Fermin J. Serna of the Google Security Team

    CVE-2014-4421 : Fermin J. Serna of the Google Security Team

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A person with a privileged network position may cause a denial of service

    Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking.

    CVE-ID

    CVE-2011-2391 : Marc Heuse

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel

    Description: A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports.

    CVE-ID

    CVE-2014-4375

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel

    Description: An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4408

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: Some kernel hardening measures may be bypassed

    Description: The 'early' random number generator used in some kernel hardening measures was not cryptographically secure, and some of its output was exposed to user space, allowing bypass of the hardening measures. This issue was addressed by replacing the random number generator with a cryptographically secure algorithm, and using a 16-byte seed.

    CVE-ID

    CVE-2014-4422 : Tarjei Mandt of Azimuth Security

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A malicious application may be able to execute arbitrary code with root privileges

    Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-4381 : Ian Beer of Google Project Zero

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: A local user may be able to change permissions on arbitrary files

    Description: syslogd followed symbolic links while changing permissions on files. This issue was addressed through improved handling of symbolic links.

    CVE-ID

    CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC)

  • Apple TV

    Available for: Apple TV 3rd generation and later

    Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2013-6663 : Atte Kettunen of OUSPG

    CVE-2014-1384 : Apple

    CVE-2014-1385 : Apple

    CVE-2014-1387 : Google Chrome Security Team

    CVE-2014-1388 : Apple

    CVE-2014-1389 : Apple

    CVE-2014-4410 : Eric Seidel of Google

    CVE-2014-4411 : Google Chrome Security Team

    CVE-2014-4412 : Apple

    CVE-2014-4413 : Apple

    CVE-2014-4414 : Apple

    CVE-2014-4415 : Apple

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: