-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-2 tvOS 9.1

tvOS 9.1 is now available and addresses the following:

AppleMobileFileIntegrity
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple

AppSandbox
Available for:  Apple TV (4th generation)
Impact:  A malicious application may maintain access to Contacts
after having access revoked
Description:  An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt

Compression
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru

Configuration Profiles
Available for:  Apple TV (4th generation)
Impact:  A local attacker may be able to install a configuration
profile without admin privileges
Description:  An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software

CoreGraphics
Available for:  Apple TV (4th generation)
Impact:  Processing a maliciously crafted font file may lead to
arbitrary code execution
Description:  A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

CoreMedia Playback
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074
CVE-2015-7075 : Apple

Disk Images
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero

dyld
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam

ImageIO
Available for:  Apple TV (4th generation)
Impact:  Processing a maliciously crafted image may lead to arbitrary
code execution
Description:  A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro

IOHIDFamily
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero

IOKit SCSI
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with kernel privileges
Description:  A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local application may be able to cause a denial of service
Description:  Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero

Kernel
Available for:  Apple TV (4th generation)
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero

Keychain Access
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to masquerade as the
Keychain Server.
Description:  An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University

libarchive
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift

libc
Available for:  Apple TV (4th generation)
Impact:  Processing a maliciously crafted package may lead to
arbitrary code execution
Description:  Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

libxml2
Available for:  Apple TV (4th generation)
Impact:  Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description:  A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University

MobileStorageMounter
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A timing issue existed in loading of the trust cache.
This issue was addressed by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam

OpenGL
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple

Sandbox
Available for:  Apple TV (4th generation)
Impact:  A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description:  An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple

Security
Available for:  Apple TV (4th generation)
Impact:  A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description:  A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

Security
Available for:  Apple TV (4th generation)
Impact:  Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description:  Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google

Security
Available for:  Apple TV (4th generation)
Impact:  A malicious application may gain access to a user's Keychain
items
Description:  An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058

WebKit
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
CVE-2015-7104 : Apple

WebKit
Available for:  Apple TV (4th generation)
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWZ0h6AAoJEBcWfLTuOo7tyYwP/0PVcJ9ykd+f8Lv9xZhfAT0t
RhWFRFypSVM2QK5FniUTuXUJzbltCe5dSpzsijljHg+ArWZo3n1uk4qV8ePSBruT
q9g8wLuy2Af1GIaFi0dle4EVrNyilzeYgLXnTc4QSZpmGgEBb6BMQGWV4WlQ0F1K
QznutibAHxLx03kjZ0rjkkDRGm11ZgWOxGpLYRyHz9FflLM3kywWeyP/3BTjqxhe
TL7zmgEHkKUoE9sJtx1sJxsImgLPCCyZxtIiaUAd1oW1Qw8wn9yqdXIPaKxc/mGV
toSIDyNTEDvn6nBHp9maBnA0jpX+f4un5h3fD/6JphxqFLqkQa6cvoNmicxLNE+4
uPxYdpzwEGfSWnVlaeSfi3cjJVeGvUs0dBSRVjSqJHDJsFowftM/e3WcDWFRNLbq
8bz8ty19wjsPzt/pzpTyRHbehqarwQPj3HJgSd01t3mWVEfhUHXiBnRqNtgcMmyp
oJ9FGCZs1+4uuH48tmZMj/cO9EA9RsjmqeeoSyuwH6aRIp4iI/qraF9VOilyzq4F
/jwCTlOQLU9lORcdDKYKhWef/MrSeAP3f5VQXlnneuyCDjlSngplOvPaS0fJhnzg
+J+HJe4a5B6SxSDuQfGTelkoukWOmDTWmUbS884oMRjKlSjIiJXQtUlby64Z74w2
i9h0XMH2VsnIEt6QHnAd
=rqk9
-----END PGP SIGNATURE-----