Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2019-8-26-3 tvOS 12.4.1

Related Vulnerabilities: CVE-2019-8605  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="27"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#28">By Date</a>
<a href="29"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="27"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#28">By Thread</a>
<a href="29"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2019-8-26-3 tvOS 12.4.1</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Akila Srinivasan via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Mon, 26 Aug 2019 10:46:35 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-8-26-3 tvOS 12.4.1

tvOS 12.4.1 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel
We would like to acknowledge @Pwn20wnd for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -&gt; System -&gt; Software Update -&gt; Update Software."

To check the current version of software, select
"Settings -&gt; General -&gt; About."

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl1kFfgACgkQBz4uGe3y
0M3LxxAAhd3dNmgTWTjyWFi43axxWCPBHVudzGWrMFACG4l9025YmqW/A73kO9Jo
j/jEonLUCXzJCzc9bb5t/Mem5Ti1wpHM/HpZ8lpubCU07T4old5N6cAcwVg95YMC
U8xnKBucXTuf3CXk9FUUamDj5RPm9jTzgSQpDvwytMoKjXkaXdN1dTZB4MxTLHg5
tBFTMiIcw7IuI7+DYExTbe71ScLT+JCuShoI9b666B0OjiaBC5mNSj1VJTC5583J
MwgoFK/KP/5T9uIXOqz+sjvcDlTOL6Y6sR78kEwggHTQT1NyAxlck+ht3e9oZzqG
cqe6fJnduYPm4bHJpx2SYqzPrf+2xKzYm0up/thuiQ4SxixsUbC1uljec/zkm4e4
v3jxGYtsckbfjQjRCvXIWKDmtqDPqA0dvRGkNEO+oEsP0YoY1a3SFpgVbq1Cpm89
RkR+/XRa51LQ7+/2xxrHrOeIyJUcm+RRiaME+79umJ8kuNuAlVtqIyqLBqaT5hyd
jteN6pQz2wKHuiectT5AUSQVNNIcFkeEPl6/o4SOeqokQ8zCYSoWn4jAo3U+cpg3
PpYSKrL+fOEGaa82oAUKaEJvOuMM85CTNVmsioMfaPRPSs5K2+4AXshAzckHpNcn
I5ps+5DrSU8qWG/NodcryDArxIchO8aBTSH9DkUVGBeN6L4+E+A=
=U5HO
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="27"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#28">By Date</a>
<a href="29"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="27"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#28">By Thread</a>
<a href="29"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2019-8-26-3 tvOS 12.4.1</strong> <em>Akila Srinivasan via Fulldisclosure (Aug 27)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started