tvOS 12.1.1

Apple TV Forum: Alles rund um Apple TV und tvOS.
Benutzeravatar
admin
Site Admin
Beiträge: 957
Registriert: 21.04.2016 21:05

tvOS 12.1.1

Beitrag von admin » 06.12.2018 19:55

Apple hat tvOS 12.1.1 veröffentlicht.
Airport
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4303: Mohamed Ghannam (@_simo36)

Disk Images
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4465: Pangu Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed by removing the
vulnerable code.
CVE-2018-4460: Kevin Backhouse of Semmle Security Research Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4431: An independent security researcher has reported this
vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4447: Juwei Lin(@panicaII) and Zhengyu Dong of TrendMicro
Mobile Security Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4435: Jann Horn of Google Project Zero, Juwei Lin(@panicaII)
and Junzhi Lu of TrendMicro Mobile Security Team

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4461: Ian Beer of Google Project Zero

Profiles
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An untrusted configuration profile may be incorrectly
displayed as verified
Description: A certificate validation issue existed in configuration
profiles. This was addressed with additional checks.
CVE-2018-4436: James Seeley @Code4iOS, Joseph S. of Wyong High School

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4437: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of
KAIST Softsec Lab, Korea
CVE-2018-4464: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of
KAIST Softsec Lab, Korea

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4441: lokihardt of Google Project Zero
CVE-2018-4442: lokihardt of Google Project Zero
CVE-2018-4443: lokihardt of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2018-4438: lokihardt of Google Project Zero

Additional recognition

Profiles
We would like to acknowledge Luke Deshotels, Jordan Beichler, and
William Enck of North Carolina State University; Costin Carabaș and
Răzvan Deaconescu of University POLITEHNICA of Bucharest for their
assistance.