Apple tvOS vulnerabilities

CVE-2016-4691 [HIGH] CVE-2016-4691: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-4691 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

CVE-2016-7611 [HIGH] CVE-2016-7611: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7611 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7642 [HIGH] CVE-2016-7642: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7642 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-4692 [HIGH] CVE-2016-4692: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-4692 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-7589 [HIGH] CVE-2016-7589: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7589 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7587 [HIGH] CVE-2016-7587: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7587 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7612 [HIGH] CVE-2016-7612: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7612 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2016-7658 [HIGH] CVE-2016-7658: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7658 Component: Audio Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-7662 [HIGH] CVE-2016-7662: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7662 Component: Security Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.

CVE-2016-7594 [HIGH] CVE-2016-7594: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7594 Component: ICU Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-7588 [HIGH] CVE-2016-7588: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7588 Component: CoreMedia Playback Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-7639 [HIGH] CVE-2016-7639: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7639 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7621 [HIGH] CVE-2016-7621: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7621 Component: Kernel Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management.

CVE-2016-7659 [HIGH] CVE-2016-7659: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7659 Component: Audio Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-7643 [HIGH] CVE-2016-7643: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7643 Component: ImageIO Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2016-7667 [HIGH] CVE-2016-7667: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7667 Component: CoreText Impact: Processing a maliciously crafted string may lead to a denial of service Description: An issue when rendering overlapping ranges was addressed through improved validation.

CVE-2016-7661 [HIGH] CVE-2016-7661: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7661 Component: Power Management Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation.

CVE-2016-7652 [HIGH] CVE-2016-7652: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7652 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-7610 [HIGH] CVE-2016-7610: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7610 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7606 [HIGH] CVE-2016-7606: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7606 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation.