Apple tvOS vulnerabilities

CVE-2016-9643 [HIGH] CVE-2016-9643: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2016-9643 Component: WebKit Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing.

CVE-2017-2491 [HIGH] CVE-2017-2491: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2017-2491 Component: JavaScriptCore Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management.

CVE-2016-3619 [MEDIUM] CVE-2016-3619: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2016-3619 Component: CVE-2016-3619

CVE-2017-2480 [MEDIUM] CVE-2017-2480: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2016-9642 [MEDIUM] CVE-2016-9642: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2016-9642 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2373 [HIGH] CWE-119 CVE-2017-2373: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2360 [HIGH] CWE-416 CVE-2017-2360: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted

CVE-2016-4764 [HIGH] CWE-119 CVE-2016-4764: An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is af An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web

CVE-2016-4673 [HIGH] CWE-119 CVE-2016-4673: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via

CVE-2016-4660 [HIGH] CWE-200 CVE-2016-4660: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash)

CVE-2016-4666 [HIGH] CWE-119 CVE-2016-4666: An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2354 [HIGH] CWE-119 CVE-2017-2354: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt

CVE-2016-4677 [HIGH] CWE-119 CVE-2016-4677: An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2016-4675 [HIGH] CWE-264 CVE-2016-4675: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVE-2016-7578 [HIGH] CWE-119 CVE-2016-7578: An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruptio

CVE-2017-2356 [HIGH] CWE-119 CVE-2017-2356: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt

CVE-2017-2370 [HIGH] CWE-119 CVE-2017-2370: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted

CVE-2017-2369 [HIGH] CWE-119 CVE-2017-2369: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2016-4688 [HIGH] CWE-119 CVE-2016-4688: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overfl

CVE-2016-7584 [HIGH] CWE-254 CVE-2016-7584: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.