![]() |
Security Update: tvOS 9.2.2
(2016-07-18)Apple has updated tvOS to version 9.2.2 for the 4th generation AppleTV. This update addresses the following security related issues:
- CoreGraphics (CVE-2016-4637): A remote attacker may be able to execute arbitrary code
- ImageIO (CVE-2016-4631): A remote attacker may be able to execute arbitrary code
- ImageIO (CVE-2016-4632): A remote attacker may be able to cause a denial of service
- IOAcceleratorFamily (CVE-2016-4627): A local user may be able to execute arbitrary code with kernel privileges
- IOHIDFamily )CVE-2016-4626_: A local user may be able to execute arbitrary code with kernel privileges
- Kernel (CVE-2016-1863, CVE-2016-1864, CVE-2016-4582): A local user may be able to execute arbitrary code with kernel privileges
- Kernel (CVE-2016-1865): A local user may be able to cause a system denial of service
- libxml2 (CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619): Multiple vulnerabilities in libxml2
- libxml2 (CVE-2016-4449): Parsing a maliciously crafted XML document may lead to disclosure of user information
- libxslt (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612): Multiple vulnerabilities in libxslt
- Sandbox Profiles (CVE-2016-4594): A local application may be able to access the process list
- WebKit (CVE-2016-4592): Processing maliciously crafted web content may lead to a system denial of service
- WebKit (CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624): Processing maliciously crafted web content may lead to arbitrary code execution
- WebKit (CVE-2016-4587): Processing maliciously crafted web content may result in the disclosure of process memory
- WebKit (CVE-2016-4591): Processing maliciously crafted web content may compromise user information on the file system
- WebKit (CVE-2016-4583): Processing maliciously crafted web content may disclose image data from another website
- WebKit Page Loading (CVE-2016-4584):
- Processing maliciously crafted web content may lead to arbitrary code execution
- WebKit Page Loading (CVE-2016-4585): A malicious website may exfiltrate data cross-origin