{"id":58532,"date":"2024-07-30T17:40:32","date_gmt":"2024-07-30T14:40:32","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179825\/APPLE-SA-07-29-2024-8.txt"},"modified":"2024-07-30T17:40:32","modified_gmt":"2024-07-30T14:40:32","slug":"apple-security-advisory-07-29-2024-8","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/apple-security-advisory-07-29-2024-8\/","title":{"rendered":"Apple Security Advisory 07-29-2024-8"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>Hash: SHA256<\/p>\n<p>APPLE-SA-07-29-2024-8 tvOS 17.6<\/p>\n<p>tvOS 17.6 addresses the following issues.<br \/>Information about the security content is also available at<br \/>https:\/\/support.apple.com\/HT214122.<\/p>\n<p>Apple maintains a Security Releases page at<br \/>https:\/\/support.apple.com\/HT201222 which lists recent<br \/>software updates with security advisories.<\/p>\n<p>AppleMobileFileIntegrity<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: An app may be able to bypass Privacy preferences<br \/>Description: A downgrade issue was addressed with additional code-<br \/>signing restrictions.<br \/>CVE-2024-40774: Mickey Jin (@patch1t)<\/p>\n<p>CoreGraphics<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing a maliciously crafted file may lead to unexpected app<br \/>termination<br \/>Description: An out-of-bounds read issue was addressed with improved<br \/>input validation.<br \/>CVE-2024-40799: D4m0n<\/p>\n<p>dyld<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: A malicious attacker with arbitrary read and write capability<br \/>may be able to bypass Pointer Authentication<br \/>Description: A race condition was addressed with additional validation.<br \/>CVE-2024-40815: w0wbox<\/p>\n<p>Family Sharing<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: An app may be able to read sensitive location 
information<br \/>Description: This issue was addressed with improved data protection.<br \/>CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji<\/p>\n<p>ImageIO<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing an image may lead to a denial-of-service<br \/>Description: This is a vulnerability in open source code and Apple<br \/>Software is among the affected projects. The CVE-ID was assigned by a<br \/>third party. Learn more about the issue and CVE-ID at cve.org.<br \/>CVE-2023-6277<br \/>CVE-2023-52356<\/p>\n<p>ImageIO<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing a maliciously crafted file may lead to unexpected app<br \/>termination<br \/>Description: An out-of-bounds read issue was addressed with improved<br \/>input validation.<br \/>CVE-2024-40806: Yisumi<\/p>\n<p>ImageIO<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing a maliciously crafted file may lead to unexpected app<br \/>termination<br \/>Description: An out-of-bounds access issue was addressed with improved<br \/>bounds checking.<br \/>CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day<br \/>Initiative, and Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter<br \/>Adversary Operations<\/p>\n<p>ImageIO<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing a maliciously crafted file may lead to unexpected app<br \/>termination<br \/>Description: An integer overflow was addressed with improved input<br \/>validation.<br \/>CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative<br \/>and Gandalf4a<\/p>\n<p>Kernel<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: A local attacker may be able to determine kernel memory layout<br \/>Description: An information disclosure issue was addressed with improved<br \/>private data redaction for log entries.<br \/>CVE-2024-27863: CertiK SkyFall 
Team<\/p>\n<p>Kernel<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: A local attacker may be able to cause unexpected system shutdown<br \/>Description: A type confusion issue was addressed with improved memory<br \/>handling.<br \/>CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University<\/p>\n<p>libxpc<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: An app may be able to bypass Privacy preferences<br \/>Description: A permissions issue was addressed with additional<br \/>restrictions.<br \/>CVE-2024-40805<\/p>\n<p>Sandbox<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: An app may be able to bypass Privacy preferences<br \/>Description: This issue was addressed through improved state management.<br \/>CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog) and<br \/>Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong<\/p>\n<p>WebKit<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing maliciously crafted web content may lead to an<br \/>unexpected process crash<br \/>Description: A use-after-free issue was addressed with improved memory<br \/>management.<br \/>WebKit Bugzilla: 273176<br \/>CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab<br \/>WebKit Bugzilla: 268770<br \/>CVE-2024-40782: Maksymilian Motyl<\/p>\n<p>WebKit<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing maliciously crafted web content may lead to an<br \/>unexpected process crash<br \/>Description: An out-of-bounds read was addressed with improved bounds<br \/>checking.<br \/>WebKit Bugzilla: 275431<br \/>CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab<br \/>WebKit Bugzilla: 275273<br \/>CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab<\/p>\n<p>WebKit<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing maliciously crafted web 
content may lead to a cross<br \/>site scripting attack<br \/>Description: This issue was addressed with improved checks.<br \/>WebKit Bugzilla: 273805<br \/>CVE-2024-40785: Johan Carlsson (joaxcar)<\/p>\n<p>WebKit<br \/>Available for: Apple TV HD and Apple TV 4K (all models)<br \/>Impact: Processing maliciously crafted web content may lead to an<br \/>unexpected process crash<br \/>Description: An out-of-bounds access issue was addressed with improved<br \/>bounds checking.<br \/>CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with<br \/>Trend Micro Zero Day Initiative<\/p>\n<p>Apple TV will periodically check for software updates. Alternatively,<br \/>you may manually check for software updates by selecting &#8220;Settings -&gt;<br \/>System -&gt; Software Update -&gt; Update Software.&#8221; To check the current<br \/>version of software, select &#8220;Settings -&gt; General -&gt; About.&#8221;<br \/>All information is also posted on the Apple Security Releases<br \/>web site: https:\/\/support.apple.com\/HT201222.<\/p>\n<p>This message is signed with Apple&#8217;s Product Security PGP key,<br \/>and details are available at:<br \/>https:\/\/www.apple.com\/support\/security\/pgp\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;Hash: SHA256 APPLE-SA-07-29-2024-8 tvOS 17.6 tvOS 17.6 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/HT214122. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/HT201222 which lists recentsoftware updates with security advisories. AppleMobileFileIntegrityAvailable for: Apple TV HD and Apple TV 4K (all models)Impact: An app may be able to bypass Privacy &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58532","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58532"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58532\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58532
"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}