Apple Security Advisory 2021-10-26-7 – Torchsec

APPLE-SA-2021-10-26-7 tvOS 15.1

tvOS 15.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212876.

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab

ColorSync
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919

FileProvider
Available for: Apple TV 4K and Apple TV HD
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360

Game Center
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev

Game Center
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev

iCloud
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga

Image Processing
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab

IOMobileFrameBuffer
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab

Model I/O
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

UIKit
Available for: Apple TV 4K and Apple TV HD
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher

Additional recognition

iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.

Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.

WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hvQACgkQeC9qKD1p
rhhXoQ//d43gU2jhz9IhEIu+hG6CdDsz/zbhsNWx3gIMwQPGva3Wk9mvJApvL9KJ
Giy8lJ0oXK4xsUNWw8PVEkrXQnxdSk4p5uZ6G3NcKYBojhLYYjQvsLUnSkBANds5
YLxkqFotpLml7ESd4to2pxgvh0HNF5MDmI98kztWOGsjVRzESXsNZohmq35LOzwV
GKw1IOqf0ugJ3DKxTUrkD5WICnE4X4nypFjfug7DEPKPYyMXkB2rhvSfDLN7mdRS
JSbHH3CEfIrtxhIjDXWaZUJdBRR0kTNON95JAzYJRuVbG5mQBCLW6Uy8M0DPVQHh
l5kJo6YguN9xPBEyyQUsa2cTGoG/JrXx/GbLsucWVSmLi7H0ls2MSFlkDcVJPA1O
sa+j6uExuzPQmNgDLs8si0mOtIoHXmtv8Dl+NxVDEPqMFQSt6pVcfd4Vsuo/7p51
z6loqB/sWtskVvn5oglZZelXy8QmF505uXWkUIuK65BSxi3zwVGNvFoVlmonYz9S
jAKKSmuhh2976etA6GmLbMA7NojPCO5ztq9HQmZi4/++onQ9ZCQpcNV5Z3+JdccP
wM9R/3noukXJo2WONVibJO16Gpc+0fqV/Nnx0eRNRQB1KP7dMzUH10/MNxUeW9RB
oRatqenRvmNlVlVl/gxugjYSmTP7ApnAijroaVoajXAwlGIkMTc=
=IYqO
-----END PGP SIGNATURE-----

Comments are closed.