Apple tvOS vulnerabilities

CVE-2017-7003 [MEDIUM] CWE-20 CVE-2017-7003: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2017-7164 [MEDIUM] CWE-20 CVE-2017-7164: An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.

CVE-2018-4146 [MEDIUM] CWE-119 CVE-2018-4146: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service

CVE-2017-15412 [HIGH] CVE-2017-15412: tvOS 11.3 Apple Security Update: About the security content of tvOS 11.3 Product: tvOS Version: 11.3 CVE: CVE-2017-15412 Component: Kernel Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.

CVE-2018-4189 [CRITICAL] CVE-2018-4189: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4189 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4147 [CRITICAL] CVE-2018-4147: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4147 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4095 [HIGH] CVE-2018-4095: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4095 Component: Core Bluetooth Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4085 [HIGH] CVE-2018-4085: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4085 Component: QuartzCore Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.

CVE-2018-4089 [HIGH] CVE-2018-4089: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4089 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4087 [HIGH] CVE-2018-4087: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4087 Component: Core Bluetooth Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4109 [HIGH] CVE-2018-4109: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4109 Component: Graphics Driver Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4094 [HIGH] CVE-2018-4094: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4094 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4082 [HIGH] CVE-2018-4082: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4082 Component: Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4088 [HIGH] CVE-2018-4088: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4088 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4096 [HIGH] CVE-2018-4096: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4096 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4093 [MEDIUM] CVE-2018-4093: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4093 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4092 [MEDIUM] CVE-2018-4092: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4092 Component: Kernel Impact: An application may be able to read restricted memory Description: A race condition was addressed with improved locking.

CVE-2018-4090 [MEDIUM] CVE-2018-4090: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4090 Component: Kernel Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling.

CVE-2017-7830 [MEDIUM] CVE-2017-7830: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2017-7830 Component: WebKit Page Loading Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4086 [MEDIUM] CVE-2018-4086: tvOS 11.2.5 Apple Security Update: About the security content of tvOS 11.2.5 Product: tvOS Version: 11.2.5 CVE: CVE-2018-4086 Component: Security Impact: A certificate may have name constraints applied incorrectly Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.