{"id":56848,"date":"2024-05-15T18:39:50","date_gmt":"2024-05-15T14:39:50","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178581\/APPLE-SA-05-13-2024-8.txt"},"modified":"2024-05-15T18:39:50","modified_gmt":"2024-05-15T14:39:50","slug":"apple-security-advisory-05-13-2024-8","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/apple-security-advisory-05-13-2024-8\/","title":{"rendered":"Apple Security Advisory 05-13-2024-8"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256<\/p>\n

APPLE-SA-05-13-2024-8 tvOS 17.5<\/p>\n

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https:\/\/support.apple.com\/HT214102.<\/p>\n

Apple maintains a Security Releases page at
https:\/\/support.apple.com\/HT201222 which lists recent
software updates with security advisories.<\/p>\n

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)<\/p>\n

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n

Maps
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University<\/p>\n

RemoteViewServices
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative<\/p>\n

Additional recognition<\/p>\n

App Store
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.<\/p>\n

Managed Configuration
We would like to acknowledge \u9065\u9065\u9886\u5148 (@\u6674\u5929\u7ec4\u7ec7) for their assistance.<\/p>\n

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting “Settings ->
System -> Software Update -> Update Software.” To check the current
version of software, select “Settings -> General -> About.”
All information is also posted on the Apple Security Releases
web site: https:\/\/support.apple.com\/HT201222.<\/p>\n

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https:\/\/www.apple.com\/support\/security\/pgp\/
—–BEGIN PGP SIGNATURE—–<\/p>\n

iQIzBAEBCAAdFiEEsz9altA7uTI+rE\/qX+5d1TXaIvoFAmZCtmQACgkQX+5d1TXa
IvpH5hAAtZjOJDsDvmKZhDYNv+q147EOgkWQL99zvmBReygAUqk+KoLQQkkfRLP7
zTw53l3zvcH5Tar065NTIr\/9jW3MDlZ9ipKU5pwy2R6tWRkh5zug6T7WINpcLybv
6U39illkCn4EOyTZSoET\/kkbuu\/CQ6QUPC\/CX5R\/FtBmAmLNcImRjIgHqRjQKVhO
9ACminYR+gUbsSqn5OfU0hwbvX2pXzqzE8LoOmhgpJyJIbyUUPHt5C6DYmJ79dlf
Ui0rXKF+kwzqDrAPxph3XhCW0F+IvceREMLefUQXxvQ\/0eDZhkCGwyw4\/zezoXhg
k\/rAGQ7EEd27AqyDGyRoLpmFvIXafTp3OrePNPnyjE7j06syH4NnkwQoLerdrW9x
KOCWQYJ9v03SfJpzGQOVA+aP2sHe4jSR4mtq7m7dax6qKjKrLWog7aqu6+pZZ4Ga
9AXLEU7sQgNF8TWosVgpUmQEas8v3GQflUqjHvczPyPr4T8Br5VhiM8FYj9SWsPb
mO\/57\/3kdsaU6DrD1C1mf5SAjFFi65ox78n8hdXOe1B02fvpDOXyz278XBuVMWE0
CfhrwhXicP0itQp\/KtgrnT+iUhkuPieNBiped\/KHPfe9YXOfpjGrtcPQfximiYsD
rGPnxm5tCJPobmTzRUdsu9TSInqUP291SOvkyX1DEQUkIszm6ao=
=oc3g
—–END PGP SIGNATURE—–<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA256 APPLE-SA-05-13-2024-8 tvOS 17.5 tvOS 17.5 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/HT214102. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/HT201222 which lists recentsoftware updates with security advisories. AppleAVDAvailable for: Apple TV HD and Apple TV 4K (all models)Impact: An app may be able to execute arbitrary …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56848","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56848"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56848\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}