Apple TV < 10.0 Multiple Vulnerabilities

Versions of Apple TV earlier than 10.0 are vulnerable to the following issues :

• A flaw exists in libxml2 that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4658)
• A flaw exists in FontParser that is triggered during the handling of a specially crafted font file. This may allow a context-dependent attacker to disclose information in process memory. (CVE-2016-4718)
• An unspecified flaw exists in IOAcceleratorFamily that may allow a context-dependent attacker to disclose arbitrary contents of the memory. No further details have been provided. (CVE-2016-4725)
• A flaw exists in IOAcceleratorFamily that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4726)
• A flaw exists in libxslt that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4738)
• A flaw exists that is triggered during the handling of a signed disk image. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-4753)
• A flaw exists in the kernel that is triggered as the system fails to properly handle locking. This may allow a remote attacker to cause a denial of service. (CVE-2016-4772)
• An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4773)
• An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4774)
• A flaw exists in the Kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4775)
• An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory. No further details have been provided. (CVE-2016-4776)
• An untrusted pointer dereference flaw exists in the Kernel that may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-4777)
• A flaw exists in the Kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4778)