From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 26 Sep 2023 14:32:03 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-09-26-2023-9 tvOS 17
tvOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213936.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Airport
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with improved redaction
of sensitive information.
CVE-2023-40384: Adam M.
App Store
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A remote attacker may be able to break out of Web Content
sandbox
Description: The issue was addressed with improved handling of
protocols.
CVE-2023-40448: w0wbox
Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40432: Mohamed GHANNAM (@_simo36)
CVE-2023-41174: Mohamed GHANNAM (@_simo36)
CVE-2023-40409: Ye Zhang (@VAR10CK) of Baidu Security
CVE-2023-40412: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-41071: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40399: Mohamed GHANNAM (@_simo36)
Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai
AuthKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of caches.
CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security
Bluetooth
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker in physical proximity can cause a limited out of
bounds write
Description: The issue was addressed with improved checks.
CVE-2023-35984: zer0k
bootp
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau
(ZeroClicks.ai Lab)
CFNetwork
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may fail to enforce App Transport Security
Description: The issue was addressed with improved handling of
protocols.
CVE-2023-38596: Will Brattain at Trail of Bits
CoreAnimation
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic
Dev Tools
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)
Game Center
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.
CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security
GPU Drivers
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security
Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker that has already achieved kernel code execution may
be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军)
libpcap
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2023-40400: Sei K.
libxpc
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to delete files for which it does not have
permission
Description: A permissions issue was addressed with additional
restrictions.
CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)
libxpc
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access protected user data
Description: An authorization issue was addressed with improved state
management.
CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)
libxslt
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved memory handling.
CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security
Maps
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing
(wojciechregula.blog)
MobileStorageMounter
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A user may be able to elevate privileges
Description: An access issue was addressed with improved access
restrictions.
CVE-2023-41068: Mickey Jin (@patch1t)
Photos Storage
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access edited photos saved to a temporary
directory
Description: The issue was addressed with improved checks.
CVE-2023-40456: Kirin (@Pwnrin)
CVE-2023-40520: Kirin (@Pwnrin)
Pro Res
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41063: Certik Skyfall Team
Sandbox
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to overwrite arbitrary files
Description: The issue was addressed with improved bounds checks.
CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit)
Simulator
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to gain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2023-40419: Arsenii Kostromin (0x3c3e)
StorageKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read arbitrary files
Description: This issue was addressed with improved validation of
symlinks.
CVE-2023-41968: Mickey Jin (@patch1t), James Hutchins
WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256551
CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and me Li
WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 239758
CVE-2023-35074: Abysslab Dong Jun Kim(@smlijun) and Jong Seong
Kim(@nevul37)
Additional recognition
Airport
We would like to acknowledge Adam M., and Noah Roskin-Frazee and
Professor Jason Lau (ZeroClicks.ai Lab) for their assistance.
AppSandbox
We would like to acknowledge Kirin (@Pwnrin) for their assistance.
Audio
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Bluetooth
We would like to acknowledge Jianjun Dai and Guang Gong of 360
Vulnerability Research Institute for their assistance.
Control Center
We would like to acknowledge Chester van den Bogaard for their
assistance.
Kernel
We would like to acknowledge Bill Marczak of The Citizen Lab at The
University of Toronto's Munk School and Maddie Stone of Google's Threat
Analysis Group, 永超 王 for their assistance.
libxml2
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project
Zero for their assistance.
libxpc
We would like to acknowledge an anonymous researcher for their
assistance.
libxslt
We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security,
OSS-Fuzz, and Ned Williamson of Google Project Zero for their
assistance.
NSURL
We would like to acknowledge Zhanpeng Zhao (行之) and 糖豆爸爸(@晴天组织) for
their assistance.
Photos
We would like to acknowledge Dawid Pałuska and Kirin (@Pwnrin) for their
assistance.
Photos Storage
We would like to acknowledge Wojciech Regula of SecuRing
(wojciechregula.blog) for their assistance.
Power Services
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Shortcuts
We would like to acknowledge Alfie Cockell Gwinnett, Christian Basting
of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca
of "Tudor Vianu" National High School of Computer Science, Romania,
Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies,
KRISHAN KANT DWIVEDI, and Matthew Butler for their assistance.
Software Update
We would like to acknowledge Omar Siman for their assistance.
Spotlight
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal, and Dawid Pałuska for their
assistance.
StorageKit
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance.
WebKit
We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft
Pvt. Ltd, and an anonymous researcher for their assistance.
Wi-Fi
We would like to acknowledge Wang Yu of Cyberserval for their
assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting "Settings ->
System -> Software Update -> Update Software." To check the current
version of software, select "Settings -> General -> About."
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-09-26-2023-9 tvOS 17 Apple Product Security via Fulldisclosure (Oct 02)