APPLE-SA-2019-3-25-3 tvOS 12.2

tvOS 12.2 is now available and addresses the following:

CFString

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing a maliciously crafted string may lead to a denial

of service

Description: A validation issue was addressed with improved logic.

CVE-2019-8516: SWIPS Team of Frifee Inc.

configd

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to elevate privileges

Description: A memory initialization issue was addressed with

improved memory handling.

CVE-2019-8552: Mohamed Ghannam (@_simo36)

CoreCrypto

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved bounds

checking.

CVE-2019-8542: an anonymous researcher

file

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing a maliciously crafted file might disclose user

information

Description: An out-of-bounds read was addressed with improved bounds

checking.

CVE-2019-6237: an anonymous researcher

Foundation

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved

input validation.

CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google

Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel

Groß of Google Project Zero

GeoServices

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Clicking a malicious SMS link may lead to arbitrary code

execution

Description: A memory corruption issue was addressed with improved

validation.

CVE-2019-8553: an anonymous researcher

iAP

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved bounds

checking.

CVE-2019-8542: an anonymous researcher

IOHIDFamily

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A local user may be able to cause unexpected system

termination or read kernel memory

Description: A memory corruption issue was addressed with improved

state management.

CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A remote attacker may be able to cause unexpected system

termination or corrupt kernel memory

Description: A buffer overflow was addressed with improved size

validation.

CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to determine kernel

memory layout

Description: A memory initialization issue was addressed with

improved memory handling.

CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state

management.

CVE-2019-8514: Samuel Groß of Google Project Zero

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A local user may be able to read kernel memory

Description: A memory corruption issue was addressed with improved

memory handling.

CVE-2019-7293: Ned Williamson of Google

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to determine kernel

memory layout

Description: An out-of-bounds read issue existed that led to the

disclosure of kernel memory. This was addressed with improved input

validation.

CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)

CVE-2019-8510: Stefan Esser of Antid0te UG

Power Management

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to execute arbitrary code

with system privileges

Description: Multiple input validation issues existed in MIG

generated code. These issues were addressed with improved validation.

CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure

(ssd-disclosure.com)

Siri

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to initiate a Dictation

request without user authorization

Description: An API issue existed in the handling of dictation

requests. This issue was addressed with improved validation.

CVE-2019-8502: Luke Deshotels of North Carolina State University,

Jordan Beichler of North Carolina State University, William Enck of

North Carolina State University, Costin Carabaș of University

POLITEHNICA of Bucharest, and Răzvan Deaconescu of University

POLITEHNICA of Bucharest

TrueTypeScaler

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing a maliciously crafted font may result in the

disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds

checking.

CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero

Day Initiative

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

universal cross site scripting

Description: A logic issue was addressed with improved validation.

CVE-2019-8551: Ryan Pickren (ryanpickren.com)

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

arbitrary code execution

Description: A memory corruption issue was addressed with improved

state management.

CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

arbitrary code execution

Description: Multiple memory corruption issues were addressed with

improved memory handling.

CVE-2019-6201: dwfault working with ADLab of Venustech

CVE-2019-8518: Samuel Groß of Google Project Zero

CVE-2019-8523: Apple

CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative

CVE-2019-8558: Samuel Groß of Google Project Zero

CVE-2019-8559: Apple

CVE-2019-8563: Apple

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A sandboxed process may be able to circumvent sandbox

restrictions

Description: A memory corruption issue was addressed with improved

validation.

CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of

Chaitin Security Research Lab

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

arbitrary code execution

Description: A memory corruption issue was addressed with improved

memory handling.

CVE-2019-8536: Apple

CVE-2019-8544: an anonymous researcher

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may disclose

sensitive user information

Description: A cross-origin issue existed with the fetch API. This

was addressed with improved input validation.

CVE-2019-8515: James Lee (@Windowsrcer)

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

arbitrary code execution

Description: A use after free issue was addressed with improved

memory management.

CVE-2019-7285: dwfault working at ADLab of Venustech

CVE-2019-8556: Apple

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may lead to

arbitrary code execution

Description: A type confusion issue was addressed with improved

memory handling.

CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious website may be able to execute scripts in the

context of another website

Description: A logic issue was addressed with improved validation.

CVE-2019-8503: Linus Särud of Detectify

WebKit

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: Processing maliciously crafted web content may result in the

disclosure of process memory

Description: A validation issue was addressed with improved logic.

CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

XPC

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A malicious application may be able to overwrite arbitrary

files

Description: This issue was addressed with improved checks.

CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

Additional recognition

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero for

their assistance.

Safari

We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs

(payatu.com) for their assistance.

WebKit

We would like to acknowledge Andrey Kovalev of Yandex Security Team

for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,

you may manually check for software updates by selecting

"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select

"Settings -> General -> About."

Information will also be posted to the Apple Security Updates

web site:

This message is signed with Apple's Product Security PGP key,

and details are available at: