Apple tvOS vulnerabilities

CVE-2018-4266 [MEDIUM] CWE-362 CVE-2018-4266: A race condition was addressed with additional validation. This issue affected versions prior toiVer A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4293 [MEDIUM] CWE-20 CVE-2018-4293: A cookie management issue was addressed with improved checks. This issue affected versions prior to A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4321 [MEDIUM] CWE-20 CVE-2018-4321: A validation issue existed in the entitlement verification. This issue was addressed with improved v A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.

CVE-2018-4304 [MEDIUM] CWE-20 CVE-2018-4304: A denial of service issue was addressed with improved validation. This issue affected versions prior A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4309 [MEDIUM] CWE-79 CVE-2018-4309: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validatio A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4313 [MEDIUM] CWE-20 CVE-2018-4313: A consistency issue existed in the handling of application snapshots. The issue was addressed with i A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2019-5608 [CRITICAL] CVE-2019-5608: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-5608 Component: Kernel Impact: A remote attacker may be able to alter network traffic data Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-8547 [CRITICAL] CVE-2019-8547: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8547 Component: Kernel Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2019-8531 [CRITICAL] CVE-2019-8531: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8531 Component: Security Impact: An untrusted radius server certificate may be trusted Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.

CVE-2019-8638 [HIGH] CVE-2019-8638: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8638 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8618 [HIGH] CVE-2019-8618: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8618 Component: Sandbox Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions.

CVE-2019-7286 [HIGH] CVE-2019-7286: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-7286 Component: Foundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8639 [HIGH] CVE-2019-8639: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8639 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8532 [MEDIUM] CVE-2019-8532: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8532 Component: MediaLibrary Impact: A malicious application may be able to access restricted files Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.

CVE-2019-8528 [MEDIUM] CVE-2019-8528: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8528 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management.

CVE-2019-8525 [MEDIUM] CVE-2019-8525: tvOS 12.2 Apple Security Update: About the security content of tvOS 12.2 Product: tvOS Version: 12.2 CVE: CVE-2019-8525 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2019-6234 [HIGH] CWE-787 CVE-2019-6234: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6215 [HIGH] CWE-843 CVE-2019-6215: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6226 [HIGH] CWE-787 CVE-2019-6226: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6224 [HIGH] CWE-119 CVE-2019-6224: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.