If You Have An AppleTV, Time to Update!

Several security updates, and Apple’s “MobileMe” service added in this update… so go for it!

Several security fixes included in AppleTV update

“While the upgrade to the company’s set-top box was advertised as adding support for remote control of iTunes and MobileMe, it also fixed some potentially serious flaws. All six of the issues addressed with this last batch of patches deal with the potential for arbitrary code execution, with all but one also possibly leading to crashes of the device. Three of the flaws can be exploited through movie files, two through QuickTime, and the last through PICT images. Of the movie file issues, all deal with the handling of so-called “atoms,” which are bits of data in the QuickTime spec that hold various bits of information, such as title, codec identifiers, the encoded data, and so forth. Heap buffer overflows could occur in the data reference, ‘crgn’, and ‘chan’ atoms, which could be used to launch arbitrary code and crash the device. To fix it, Apple added additional validation of the data reference atoms, while adding improved bounds checking to the latter two.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.