Apple TV < 9.1 Multiple Vulnerabilities

Versions of Apple TV earlier than 9.1 are vulnerable to the following issues :

• A flaw exists within the ‘IOAcceleratorFamily’ component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with system privileges. (CVE-2015-7109)
• A use-after-free condition is triggered when parsing disk images. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2015-7110)
• A memory corruption vulnerability exists within the ‘ASN.1 decoder’. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted certificate. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-7059, CVE-2015-7060, CVE-2015-7061)
• A flaw exists due to the program failing to properly perform authorization checks. This may allow a local attacker to install arbitrary configuration profiles. (CVE-2015-7062)
• A flaw exists within legacy functionality that is triggered in the way Keychain access interacts with the Keychain agent. This may allow a local attacker to spoof as a valid Keychain server. (CVE-2015-7045)