Apple tvOS vulnerabilities

CVE-2016-7591 [MEDIUM] CVE-2016-7591: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7591 Component: IOHIDFamily Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management.

CVE-2016-7714 [LOW] CVE-2016-7714: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7714 Component: IOKit Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling.

CVE-2016-7657 [LOW] CVE-2016-7657: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7657 Component: IOKit Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-4695 CVE-2016-4695: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-4695 Component: JavaScriptCore Impact: A script executing in a JavaScript sandbox may be able to access state outside that sandbox Description: A validation issue existed in processing JavaScript. This issue was addressed through improved validation.

CVE-2016-7647 CVE-2016-7647: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7647 Component: Kernel Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved memory handling.

CVE-2016-7613 [HIGH] CVE-2016-7613: tvOS 10.0.1 Apple Security Update: About the security content of tvOS 10.0.1 Product: tvOS Version: 10.0.1 CVE: CVE-2016-7613 Component: Kernel Impact: A local application may be able to execute arbitrary code with root privileges Description: Multiple object lifetime issues existed when spawning new processes. These were addressed through improved validation.

CVE-2016-4613 [MEDIUM] CVE-2016-4613: tvOS 10.0.1 Apple Security Update: About the security content of tvOS 10.0.1 Product: tvOS Version: 10.0.1 CVE: CVE-2016-4613 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management.

CVE-2016-4658 [CRITICAL] CWE-119 CVE-2016-4658: xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 1 xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

CVE-2016-4734 [CRITICAL] CVE-2016-4734: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.

CVE-2016-4702 [CRITICAL] CWE-119 CVE-2016-4702: Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2016-4759 [HIGH] CWE-119 CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.

CVE-2016-4777 [HIGH] CWE-264 CVE-2016-4777: The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.

CVE-2016-4773 [HIGH] CWE-125 CVE-2016-4773: The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

CVE-2016-4772 [HIGH] CWE-399 CVE-2016-4772: The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows re The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

CVE-2016-4730 [HIGH] CVE-2016-4730: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

CVE-2016-4726 [HIGH] CWE-119 CVE-2016-4726: IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2016-4775 [HIGH] CWE-119 CVE-2016-4775: The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to ga The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2016-4738 [HIGH] CWE-119 CVE-2016-4738: libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remot libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-4766 [HIGH] CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.

CVE-2016-4737 [HIGH] CWE-119 CVE-2016-4737: WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.