Huntsville Macintosh Users Group
UNIX/Security News

Home | Archive | UNIX

Join the Group | About Us | Calendar | Contact Us | Site Index

Security Update: tvOS 9.2

(2016-03-21)

Apple has updated tvOS, for 4th generation Apple TVs, to version 9.2. The update addresses the following security related issues:

• FontParser (CVE-2016-1740): Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
• HTTPProtocol (CVE-2015-8659): A remote attacker may be able to execute arbitrary code
• IOHIDFamily (CVE-2016-1748): An application may be able to determine kernel memory layout
• Kernel (CVE-2016-1750, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755): An application may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2016-1751): An application may be able to bypass code signing
• Kernel (CVE-2016-1752): An application may be able to cause a denial of service
• libxml2 (CVE-2015-1819, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8242, CVE-2016-1762): Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution
• Security (CVE-2016-1950): Processing a maliciously crafted certificate may lead to arbitrary code execution
• TrueTypeScaler (CVE-2016-1775): Processing a maliciously crafted font file may lead to arbitrary code execution
• WebKit (CVE-2016-1783): Processing maliciously crafted web content may lead to arbitrary code execution
• WebKit History (CVE-2016-1784): Processing maliciously crafted web content may lead to an unexpected Safari crash
• Wi-Fi (CVE-2016-0801, CVE-2016-0802): An attacker with a privileged network position may be able to execute arbitrary code

© The Huntsville Macintosh Users Group 1995-2018
Apple, the Apple Logo, and Macintosh are registered trademarks of Apple, Inc.
Other names may be registered trademarks of their respective owners.