-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-1 tvOS 9.2.1

tvOS 9.2.1 is now available and addresses the following:

CFNetwork Proxies
Available for:  Apple TV (4th generation)
Impact:  An attacker in a privileged network position may be able to
leak sensitive user information
Description:  An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security

CommonCrypto
Available for:  Apple TV (4th generation)
Impact:  A malicious application may be able to leak sensitive user
information
Description:  An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig

CoreCapture
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative

Disk Images
Available for:  Apple TV (4th generation)
Impact:  An application may be able to read kernel memory
Description:  A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero

Disk Images
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro

ImageIO
Available for:  Apple TV (4th generation)
Impact:  Processing a maliciously crafted image may lead to a denial
of service
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  An application may be able to cause a denial of service
Description:  A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption vulnerability was addressed through
improved locking.
CVE-ID
CVE-2016-1819 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent

Kernel
Available for:  Apple TV (4th generation)
Impact:  An application may be able to execute arbitrary code with
kernel privileges
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad

libc
Available for:  Apple TV (4th generation)
Impact:  An application may be able to cause unexpected application
termination or arbitrary code execution
Description:  A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson

libxml2
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany

libxslt
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt

OpenGL
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may disclose data
from another website
Description:  An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher

WebKit
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative

WebKit Canvas
Available for:  Apple TV (4th generation)
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXOjzyAAoJEIOj74w0bLRGWI8P/jLFPTwi0qbBczPo3VUwDR07
ZPtJa1T0RXjshbBNgpNde8wiD9ZbYE9/ahrOPlmGupxrX6GKMGPPLtbD3msPlkCp
BQbo/NgK0+uzkUNhzmS0cwsJNjRfbswIkV4iDBpxTvE+n0LheJqp416XSYlqimtx
zrNq7Qm3koqdTHafOXMzuOUkD957p1ii9SHJZBGyF68XT2QmEgc+L3lg6QVJ9jwU
HnQ4SuViEZ+qQKEqmo8ADXkzuJfiPsmeiTDWWCdgLhlM6ucTWxhOXbZP6mbmCBLa
zc9jW9gjbxBAHOTJqjlqNrAtP01VGf5Vqel+jSOaAAXMrP8Dk4/e26qj6PL6iAu3
CbHusl8ItSPAUaTMP8K3WVUiseFDWENKMz2i4VS/nZvoaGtHeJefek3RIyaQw1sQ
IcLqmbMmhUgY8voFHWz9RHMJX7wL6MuZWm2mHFvJ2XKxbQdeLD3d5yABRju9gldn
/FcSkDmFXqVZKnfFpli877am1Z4jVXBgrWMGdEV3HENhV9WYTyGBZG8eZDTLiQqe
pw8DZufpPZt0U/c2X+/qH5AQjcdStTfzv0xb3MqVh5GP3dZoQnP3nTlGRv2a7Vlf
v0XdrgNCv2s7CLelv6WiXcEeeVP95XkwNTFf1+oZaZxwFZeY+iAkiR1Z7ItdWlFQ
bdUbGfVTcdKWfjj6Jwr+
=CLh/
-----END PGP SIGNATURE-----