Huntsville Macintosh Users Group
UNIX/Security News

Home | Archive | UNIX

Join the Group | About Us | Calendar | Contact Us | Site Index

Security Update: tvOS 9.2.2

(2016-07-18)

Apple has updated tvOS to version 9.2.2 for the 4th generation AppleTV. This update addresses the following security related issues:

• CoreGraphics (CVE-2016-4637): A remote attacker may be able to execute arbitrary code
• ImageIO (CVE-2016-4631): A remote attacker may be able to execute arbitrary code
• ImageIO (CVE-2016-4632): A remote attacker may be able to cause a denial of service
• IOAcceleratorFamily (CVE-2016-4627): A local user may be able to execute arbitrary code with kernel privileges
• IOHIDFamily )CVE-2016-4626_: A local user may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2016-1863, CVE-2016-1864, CVE-2016-4582): A local user may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2016-1865): A local user may be able to cause a system denial of service
• libxml2 (CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619): Multiple vulnerabilities in libxml2
• libxml2 (CVE-2016-4449): Parsing a maliciously crafted XML document may lead to disclosure of user information
• libxslt (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612): Multiple vulnerabilities in libxslt
• Sandbox Profiles (CVE-2016-4594): A local application may be able to access the process list
• WebKit (CVE-2016-4592): Processing maliciously crafted web content may lead to a system denial of service
• WebKit (CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624): Processing maliciously crafted web content may lead to arbitrary code execution
• WebKit (CVE-2016-4587): Processing maliciously crafted web content may result in the disclosure of process memory
• WebKit (CVE-2016-4591): Processing maliciously crafted web content may compromise user information on the file system
• WebKit (CVE-2016-4583): Processing maliciously crafted web content may disclose image data from another website
• WebKit Page Loading (CVE-2016-4584):
• Processing maliciously crafted web content may lead to arbitrary code execution
• WebKit Page Loading (CVE-2016-4585): A malicious website may exfiltrate data cross-origin

© The Huntsville Macintosh Users Group 1995-2018
Apple, the Apple Logo, and Macintosh are registered trademarks of Apple, Inc.
Other names may be registered trademarks of their respective owners.