Apple Security Advisory 2022-07-20-5 – Torchsec

APPLE-SA-2022-07-20-5 tvOS 15.6

tvOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213342.

APFS
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow issue was addressed with improved
bounds checking.
CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Audio
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher

Audio
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreMedia
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)

CoreText
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher

GPU Drivers
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)

iCloud Photo Library
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones

ICU
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

ImageIO
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575

ImageIO
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A logic issue was addressed with improved checks.
CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin
(@patch1t)

ImageIO
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security

Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with arbitrary kernel read and write capability may be
able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state
management.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)

libxml2
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823

Multi-Touch
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Software Update
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative

Wi-Fi
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval

Wi-Fi
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.

AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting "Settings ->
System -> Software Update -> Update Software." To check the current
version of software, select "Settings -> General -> About."
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p
rhgqhA//RvdwRWv4x9V+fyJIcdfoFcXnJ/E5rxv6BQjpWnVcFRa/QKVU5lu7AbMk
g6R+txpMiG1JAMqAB4oySZMtlxg0RVjCK3vBRy6v61uhBM5IgupHVZeXRVdYNGlJ
yitKP7fFbYBuZ9+wcXNE8zeKpF+dUsz0T6CNh4bo6kStyBH5RqpWdPmX5XBtwwf7
/czmfRLrhqcWdhkXJ99yN+836TFtqnUDddJRCx0DRXLYuZCXTe2QwqY6F7d+JrCO
P5XN3WntDeYZ6Yn7OK4a1KWdQ9DaKfbpVU/3iC5gFbwLkejzt7rk7QohxetWPooK
kD6VMT+lnAS6jDqlLqnb+JLZKM353VQEW5lvLs2/UO0IqP/dSAJwHopikooKPcs+
KegPiZ8O9OEiYBuVAXZiGgQYFhx3eFu+BWoSSsX3JVSsYPQE1ehF8wy5PbjpK9ru
7/s9ZpOpl0rTiBUxMc/yTZbJ2BBZf9lMCykhciQ5wZC5tmfELFnhszQEiBM9mN3K
ea5jRTobOq8gU/nb4AZbnVFMJ+gX60w8ZlvGI+E+bnEZq+tBlXFHMZ63avjsYarQ
D+2Gs4FtmeAEc7/vJ8RY3RI4mqu+9rMaxniPjsLCY8Kl5OvSYJrbs4YL+dqxe7Mp
20mn2COHtyFEEOoh+NVY1XuzSoDX4TeDBxpuqH5l9MV4TMFUh4M=
=i68Z
-----END PGP SIGNATURE-----

Comments are closed.