what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2015-03-09-2

Apple Security Advisory 2015-03-09-2
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-2 - AppleTV 7.1 is now available and addresses folder creation, code execution, and tls-related vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2015-1061, CVE-2015-1062, CVE-2015-1067
SHA-256 | 020635beec9890ce5aa20321ca3adb375938c809061e1d9e83912740301fc4d9

Apple Security Advisory 2015-03-09-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2015-03-09-2 AppleTV 7.1

AppleTV 7.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBAgAGBQJU/fW0AAoJEBcWfLTuOo7tgB4QAKVJr+8kvnK/mrbpdFQOIc61
9NpRGZXQ2jTrDJonQkFJuY/IPwNGouzuD19Ozv2t+Pfd1HBC/iOp/pS43XkI7oaJ
YSQdy8dQ0oFTXWcOeIjSPvWALgplDhFn6URHDO1lHFJ1Ya9A5nsncJTH7I7MGo8I
x/SDuDiiy9XbcigcMZochNeP+tyv1Py8RkrT2ftrBKjX1VbLI2OH+nC+Qqvk3b+K
Xlnqqm6sdUwYZF9My7+MN9qkg0M2wBpItYa0+8yWIDqsBzz2mCM6IhLPfH6JUY0x
SzXtZeDc3xFU93A8qnDIvA75OlHlLztqxefnfRXt3PxZugkj/b1nATTAYEtykXvo
xdsCGYzgmQxgVnqRRijOh5Q+nUFEzrcVufwke4Z5Sp6rVfI02nM4cphYUqc/mZ2N
vBAIG1q4yv9q1GUhvyaD5ovVLdR6MTmdaTQCL/GPpMDKbsDU5Rjlm5eQwklY6438
gGpwqImimqpuQKswNppAUNQftXiGkp2/+hhW3awxgPNRhQTFO1Jdc67ChJfSuz0Y
80XAYyC3Gbdy4raUc9eZT7l1wkrGWSINfF8LdjnR9/Sx9F3XU94hFieITOe1/+em
xHiRAWa0yZ788WwDieVhaGO6IoMBTGAiFiY8vHSGGej2Ub8/pBcasuLGy+ayy86P
d4MfU3w/jKBRBd4bdrbz
=gaCp
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close