Apple Security Advisory 05-13-2024-8

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Packet Storm

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

Maps
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University

RemoteViewServices
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative

Additional recognition

App Store
We would like to acknowledge an anonymous researcher for their
assistance.

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.

Managed Configuration
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting “Settings ->
System -> Software Update -> Update Software.” To check the current
version of software, select “Settings -> General -> About.”
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
