APPLE-SA-04-16-2025-3 tvOS 18.4.1
tvOS 18.4.1修复了CoreAudio的内存错误和RPAC的指针认证问题,这两个漏洞可能被用于针对特定用户的攻击。 2025-4-24 03:15:0 Author: seclists.org(查看原文) 阅读量:11 收藏
tvOS 18.4.1修复了CoreAudio的内存错误和RPAC的指针认证问题,这两个漏洞可能被用于针对特定用户的攻击。 2025-4-24 03:15:0 Author: seclists.org(查看原文) 阅读量:11 收藏
Full Disclosure mailing list archives
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Wed, 16 Apr 2025 13:53:47 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-04-16-2025-3 tvOS 18.4.1 tvOS 18.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/122401. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CoreAudio Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Description: A memory corruption issue was addressed with improved bounds checking. CVE-2025-31200: Apple and Google Threat Analysis Group RPAC Available for: Apple TV HD and Apple TV 4K (all models) Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Description: This issue was addressed by removing the vulnerable code. CVE-2025-31201: Apple Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About.“ All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmgABnMACgkQX+5d1TXa IvrBPxAAwsR/u23qMtnS+WtGXrNHF8i1Ibx2QzFq5+6FlBBuOB2JJG++y0CBkiRI TueqJpmorYoi3lmH7DME4kvHZv+ch70yEsadwFOVAav6bzixng0Zdk+I16xR6PqA 6ay1+4MBNqmUa3ZEpla1RyUGHQ0RyiF1XxVEjH5iTTNdDLFDumtz1gX5Q70O3iDw aGZZ3JyRvWXOvZMcb+pPfpEcNKK80n7W3g1bl9EIWlewuZJDLNWjych0tPGPsKUz tX7Q5kN/TUyiatULPznKUpp1wafetJbHsOg6kEjOnQyxBxWw9BQjNj9wPZhOjTUa VdG6NVKHNKw1FsRA0U/DIMiSTtcLCiX8g4RApcaIb0/HpvuoSHwC4DCQ4PaY88bV 59LQ2RGetjvJjCAxB6ENGQkxoJtIuOXIYU/TxY8qG98dcLRm14g/JrsMC5B+6nCz D6/Y9axottqgvm5E/hRKOsMgSscb9aU9jhf65l3C1aHRIdQM7xNhLF93CgXTw/Wt AKWSn6gO7RxwybVRBZqdOA39oeqomWZapoluy9PYKwF7bvHbKqsKTePuYJUjrzaI qIWR0nTPxMkYRGeWkPkFhSfLnlDZs/zB4RLQY8lEpxR6WblercddUeusFjiN+zsR 2Jxo5vYgjH1Zd2ytcmq2uKkfOmHLA7R8ts88pUYo2mtpNGgtTZc= =42zN -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-04-16-2025-3 tvOS 18.4.1 Apple Product Security via Fulldisclosure (Apr 23)
文章来源: https://seclists.org/fulldisclosure/2025/Apr/25
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh