About the security content of tvOS 9.2.1

This document describes the security content of tvOS 9.2.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

tvOS 9.2.1

• CFNetwork Proxies

  Available for: Apple TV (4th generation)

  Impact: An attacker in a privileged network position may be able to leak sensitive user information

  Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.

  CVE-ID

  CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security

• CommonCrypto

  Available for: Apple TV (4th generation)

  Impact: A malicious application may be able to leak sensitive user information

  Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.

  CVE-ID

  CVE-2016-1802 : Klaus Rodewig

• CoreCapture

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A null pointer dereference was addressed through improved validation.

  CVE-ID

  CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative

• Disk Images

  Available for: Apple TV (4th generation)

  Impact: An application may be able to read kernel memory

  Description: A race condition was addressed through improved locking.

  CVE-ID

  CVE-2016-1807 : Ian Beer of Google Project Zero

• Disk Images

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro

• ImageIO

  Available for: Apple TV (4th generation)

  Impact: Processing a maliciously crafted image may lead to a denial of service

  Description: A null pointer dereference was addressed through improved validation.

  CVE-ID

  CVE-2016-1811 : Lander Brandt (@landaire)

• IOAcceleratorFamily

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative

  CVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro’s Zero Day Initiative

• IOAcceleratorFamily

  Available for: Apple TV (4th generation)

  Impact: An application may be able to cause a denial of service

  Description: A null pointer dereference was addressed through improved locking.

  CVE-ID

  CVE-2016-1814 : Juwei Lin of TrendMicro

• IOAcceleratorFamily

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption vulnerability was addressed through improved locking.

  CVE-ID

  CVE-2016-1819 : Ian Beer of Google Project Zero

• IOAcceleratorFamily

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A null pointer dereference was addressed through improved validation.

  CVE-ID

  CVE-2016-1813 : Ian Beer of Google Project Zero

• IOHIDFamily

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1823 : Ian Beer of Google Project Zero

  CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

  CVE-2016-4650 : Peter Pi of Trend Micro working with HPs Zero Day Initiative

• Kernel

  Available for: Apple TV (4th generation)

  Impact: An application may be able to execute arbitrary code with kernel privileges

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1827 : Brandon Azad

  CVE-2016-1828 : Brandon Azad

  CVE-2016-1829 : CESG

  CVE-2016-1830 : Brandon Azad

• libc

  Available for: Apple TV (4th generation)

  Impact: An application may be able to cause unexpected application termination or arbitrary code execution

  Description: A memory corruption issue was addressed through improved input validation.

  CVE-ID

  CVE-2016-1832 : Karl Williamson

• libxml2

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1833 : Mateusz Jurczyk

  CVE-2016-1834 : Apple

  CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University

  CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University

  CVE-2016-1838 : Mateusz Jurczyk

  CVE-2016-1839 : Mateusz Jurczyk

  CVE-2016-1840 : Kostya Serebryany

• libxslt

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  Description: A memory corruption issue was addressed through improved memory handling.

  CVE-ID

  CVE-2016-1841 : Sebastian Apelt

• OpenGL

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

• WebKit

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted web content may disclose data from another website

  Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.

  CVE-ID

  CVE-2016-1858 : an anonymous researcher

• WebKit

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative

  CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks

  CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative

  CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative

• WebKit Canvas

  Available for: Apple TV (4th generation)

  Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  Description: Multiple memory corruption issues were addressed through improved memory handling.

  CVE-ID

  CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative