-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20-6 tvOS 10 The tvOS 10 advisory has been released to describe the entries below: Audio Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: an anonymous researcher Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: Apple TV (4th generation) Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A parsing issue existed in the handling of error prototypes. This was addressed through improved validation. CVE-2016-4728: Daniel Divricean Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4611: Apple CVE-2016-4730: Apple CVE-2016-4734: Natalie Silvanovich of Google Project Zero CVE-2016-4735: André Bargull CVE-2016-4737: Apple CVE-2016-4759: Tongbo Luo of Palo Alto Networks CVE-2016-4766: Apple CVE-2016-4767: Apple CVE-2016-4768: Anonymous working with Trend Micro's Zero Day Initiative Entry added September 20, 2016 WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management. CVE-2016-4733: Natalie Silvanovich of Google Project Zero CVE-2016-4765: Apple Entry added September 20, 2016 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.” To check the current version of software, select "Settings -> General -> About.” Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YUuAAoJEIOj74w0bLRGEKwQAND90p4tiCZDr5z+T94m4428 e2g+h5c5RtY0tV7j1whSLrPSoX0ez7S9T3p9/O9VoHHKhm8AvE/bqm79tjsi4TwB oEutlCLTRvq8LeDbIhG5qDsUm+bTfgBfJ+1XCHLVFi2Bbm0fZgi6TbDsSCxLgmZU DWNfUz24QV1gOMS7rZVQ8Og7tNQsv78CExENnQFgN0dM9XfAn97JgTnwQwzjf9sf ywbbhVjLOH1NTrevFisZKq8NLbh+keXT8Ek8axyvk2CiVOeWFoRrVtZX03J73iAG NCCiY1wgKSET91lLyBkneWj4eeHH1kvZ/DExfg7MxTg3N9z7EHSyKF1ON3BqdtBO hSYpux4K+zN48bgPbgB+O+qy4t4m7mwrz2C4K7gW6whgN6DC/mH6P1qyQv4rXBXv LGzEjXzMjbb0Ux5xuw81tkFkfMEY2uRlgNaaYO0R86YinMkgOyRYdDbmbK62AReq DWuiB0o0CJ9ip8YKLuBS7jT5/0uNEp4Nc6s1Y/D4hx/SxIhNRPMRryoEkrFLxG0q hZBaNeCKa+Vy7S0Tfd8c3x3vUybpaRZjFUlal3cD2hgLiKkxMFIKli+y5rNCG8zH EbLmWFA8RwaDlEKkKmKD8bASRqw/tILbgJ9E5As0U12h81CJsNPDweQTShaN6Z+B svyBFoBkuLMo7dSDZ9iW =y/KT -----END PGP SIGNATURE-----