SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple TV Vendors:   Apple
(Apple Issues Fix for Apple TV) QuickTime Movie and PICT File Processing Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020469
SecurityTracker URL:  http://securitytracker.com/id/1020469
CVE Reference:   CVE-2008-0036   (Links to External Site)
Date:  Jul 10 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.1
Description:   Several vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. Apple TV is affected.

A remote user can create a specially crafted movie file or PICT image file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted Sorenson 3 video file can trigger code execution [CVE-2008-0031]. Joe Schottman of Virginia Tech reported this vulnerability.

Specially crafted Macintosh resource records in movie files can trigger code execution [CVE-2008-0032]. Jun Mao of VeriSign iDefense Labs reported this vulnerability.

Specially crafted Image Descriptor (IDSC) atoms can trigger code execution [CVE-2008-0033]. Cody Pierce of TippingPoint DVLabs reported this vulnerability.

A specally crafted compressed PICT file can trigger code execution [CVE-2008-0036]. Chris Ries of Carnegie Mellon University Computing Services reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Apple has released a fix for Apple TV, which is affected by CVE-2008-0036.

The Apple advisory is available at:

http://support.apple.com/kb/HT2304

Vendor URL:  docs.info.apple.com/article.html?artnum=307301 (Links to External Site)
Cause:   Access control error, Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Jan 16 2008 QuickTime Movie and PICT File Processing Bugs Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  APPLE-SA-2008-07-10 Apple TV 2.1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-07-10 Apple TV 2.1

Apple TV 2.1 is now available and addresses the following issues:

Apple TV
CVE-ID:  CVE-2008-1015
Available for:  Apple TV
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An issue in the handling of data reference atoms may
result in a buffer overflow. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of data reference atoms. Credit to Chris Ries of Carnegie
Mellon University Computing Services for reporting this issue.

Apple TV
CVE-ID:  CVE-2008-1017
Available for:  Apple TV
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An issue in the parsing of 'crgn' atoms may result in a
heap buffer overflow. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to Sanbin Li working with TippingPoint's Zero Day
Initiative for reporting this issue.

Apple TV
CVE-ID:  CVE-2008-1018
Available for:  Apple TV
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An issue in the parsing of 'chan' atoms may result in a
heap buffer overflow. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

Apple TV
CVE-ID:  CVE-2008-1585
Available for:  Apple TV
Impact:  Playing maliciously crafted QuickTime content may lead to
arbitrary code execution
Description:  A URL handling issue exists in the handling of file:
URLs. This may allow arbitrary applications and files to be launched
when a user plays maliciously crafted QuickTime content. This update
addresses the issue by not longer launching local applications and
files. Credit to Vinoo Thomas and Rahul Mohandas of McAfee Avert
Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with
TippingPoint's Zero Day Initiative for reporting this issue.

Apple TV
CVE-ID:  CVE-2008-0234
Available for:  Apple TV
Impact:  Playing maliciously crafted QuickTime content may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in the handling of HTTP
responses when RTSP tunneling is enabled. Playing maliciously crafted
QuickTime content may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
improved bounds checking.

Apple TV
CVE-ID:  CVE-2008-0036
Available for:  Apple TV
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow may occur while processing a
compressed PICT image. Opening a maliciously crafted compressed PICT
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue by terminating
decoding when the result would extend beyond the end of the
destination buffer. Credit to Chris Ries of Carnegie Mellon
University Computing Services for reporting this issue.

Installation note:

The Apple TV device will automatically check Apple's update server on
its weekly schedule.  When an update is detected, it will download
it, verify its signature, and install it.

This process may take up to a week depending on the day that the
Apple TV device checks for updates.  Alternatively, you may manually
update your Apple TV using the TV interface by selecting
Settings > Update Software.

This update is only available directly to the Apple TV, and will not
appear in your computer's Software Update application, or in the
Apple Downloads site.

To check that the Apple TV has been updated, use the TV interface:

* Navigate to Settings
* Select About
* The Software Version after applying this update will be "2.1"
* To exit the About screen to the main menu, press Menu

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBSHYhSHkodeiKZIkBAQizpggAz/nHtG/DF+1KWoq1LZdwkFiE3/ZkTTt6
Vx77MDj+3pzxPZ3l83t6LhGheN88nwl5KBGCiBgHGwu23Xi1AjjxFMnyjBdfrv6M
U07GJ5cJondUS6ITr75zp2b8hrYlKbLzXRIbH2E+toVLlrPD8/3u8frAzM9uo50M
qr5f2Ps5eqGcj2hTmSHfm0uKcmWIUWHtVWeaBxJyQjLSN+01ZDcyiYRX0wSG7gNW
63VcrKKrMGk4+JkeK7wI7YioF2whFgrj9SuKsCQlRSsGFQb51UDuHSHH8OGnCWF3
MioEA62tn7lgT9JW5aJ7QneTRMW/rQkxOb9FCLncUTbd7gExTvO+Yw==
=SZ/B
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC