Detections
Analytics
Apple TV < 7.0.2 Multiple Vulnerabilities
high Nessus Plugin ID 79360
Language:
Synopsis
The remote device is affected by multiple vulnerabilities.Description
According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities :- Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462)
- A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455)
- A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461)
Solution
Upgrade to Apple TV 7.0.2 or later. Note that this update is only available for 3rd generation and later models.See Also
https://support.apple.com/en-us/HT204420
https://www.securityfocus.com/archive/1/534005/30/0/threaded
Plugin Details
Severity: High
ID: 79360
File Name: appletv_7_0_2.nasl
Version: 1.4
Type: remote
Family: Misc.
Published: 11/20/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:apple_tv
Required KB Items: www/appletv
Exploit Ease: No known exploits are available
Patch Publication Date: 11/17/2014
Vulnerability Publication Date: 11/17/2014
Reference Information
CVE: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
BID: 71136, 71137, 71140, 71142
APPLE-SA: APPLE-SA-2014-11-17-3