Apple tvOS vulnerabilities

CVE-2016-7595 [HIGH] CVE-2016-7595: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7595 Component: CoreText Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

CVE-2016-7640 [HIGH] CVE-2016-7640: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7640 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7649 [HIGH] CVE-2016-7649: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7649 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7655 [HIGH] CVE-2016-7655: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7655 Component: CoreMedia External Displays Impact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon Description: A type confusion issue was addressed through improved memory handling.

CVE-2016-4693 [HIGH] CVE-2016-4693: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-4693 Component: Security Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher.

CVE-2016-7656 [HIGH] CVE-2016-7656: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7656 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved state management.

CVE-2016-7637 [HIGH] CVE-2016-7637: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7637 Component: Kernel Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-7654 [HIGH] CVE-2016-7654: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7654 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7641 [HIGH] CVE-2016-7641: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7641 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7646 [HIGH] CVE-2016-7646: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7646 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-4743 [HIGH] CVE-2016-4743: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-4743 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-7645 [HIGH] CVE-2016-7645: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7645 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-7619 [MEDIUM] CVE-2016-7619: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7619 Component: Kernel Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved memory handling.

CVE-2016-7636 [MEDIUM] CVE-2016-7636: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7636 Component: Security Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.

CVE-2016-7627 [MEDIUM] CVE-2016-7627: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7627 Component: CoreGraphics Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-7599 [MEDIUM] CVE-2016-7599: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7599 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.

CVE-2016-7607 [MEDIUM] CVE-2016-7607: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7607 Component: Kernel Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space.

CVE-2016-7615 [MEDIUM] CVE-2016-7615: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7615 Component: Kernel Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling.

CVE-2016-7598 [MEDIUM] CVE-2016-7598: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7598 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An uninitialized memory access issue was addressed through improved memory initialization.

CVE-2016-7586 [MEDIUM] CVE-2016-7586: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.