Apple TV 2.1


Recommended Posts

Cara

Apple TV 2.1 is now available and addresses the following issues:

Apple TV

CVE-ID: CVE-2008-1015

Available for: Apple TV

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: An issue in the handling of data reference atoms may

result in a buffer overflow. Viewing a maliciously crafted movie file

may lead to an unexpected application termination or arbitrary code

execution. This update addresses the issue by performing additional

validation of data reference atoms. Credit to Chris Ries of Carnegie

Mellon University Computing Services for reporting this issue.

Apple TV

CVE-ID: CVE-2008-1017

Available for: Apple TV

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: An issue in the parsing of 'crgn' atoms may result in a

heap buffer overflow. Viewing a maliciously crafted movie file may

lead to an unexpected application termination or arbitrary code

execution. This update addresses the issue through improved bounds

checking. Credit to Sanbin Li working with TippingPoint's Zero Day

Initiative for reporting this issue.

Apple TV

CVE-ID: CVE-2008-1018

Available for: Apple TV

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: An issue in the parsing of 'chan' atoms may result in a

heap buffer overflow. Viewing a maliciously crafted movie file may

lead to an unexpected application termination or arbitrary code

execution. This update addresses the issue through improved bounds

checking. Credit to an anonymous researcher working with

TippingPoint's Zero Day Initiative for reporting this issue.

Apple TV

CVE-ID: CVE-2008-1585

Available for: Apple TV

Impact: Playing maliciously crafted QuickTime content may lead to

arbitrary code execution

Description: A URL handling issue exists in the handling of file:

URLs. This may allow arbitrary applications and files to be launched

when a user plays maliciously crafted QuickTime content. This update

addresses the issue by not longer launching local applications and

files. Credit to Vinoo Thomas and Rahul Mohandas of McAfee Avert

Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with

TippingPoint's Zero Day Initiative for reporting this issue.

Apple TV

CVE-ID: CVE-2008-0234

Available for: Apple TV

Impact: Playing maliciously crafted QuickTime content may lead to an

unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in the handling of HTTP

responses when RTSP tunneling is enabled. Playing maliciously crafted

QuickTime content may lead to an unexpected application termination

or arbitrary code execution. This update addresses the issue through

improved bounds checking.

Apple TV

CVE-ID: CVE-2008-0036

Available for: Apple TV

Impact: Opening a maliciously crafted PICT image may lead to an

unexpected application termination or arbitrary code execution

Description: A buffer overflow may occur while processing a

compressed PICT image. Opening a maliciously crafted compressed PICT

file may lead to an unexpected application termination or arbitrary

code execution. This update addresses the issue by terminating

decoding when the result would extend beyond the end of the

destination buffer. Credit to Chris Ries of Carnegie Mellon

University Computing Services for reporting this issue.

Installation note:

The Apple TV device will automatically check Apple's update server on

its weekly schedule. When an update is detected, it will download

it, verify its signature, and install it.

This process may take up to a week depending on the day that the

Apple TV device checks for updates. Alternatively, you may manually

update your Apple TV using the TV interface by selecting

Settings > Update Software.

This update is only available directly to the Apple TV, and will not

appear in your computer's Software Update application, or in the

Apple Downloads site.

To check that the Apple TV has been updated, use the TV interface:

* Navigate to Settings

* Select About

* The Software Version after applying this update will be "2.1"

* To exit the About screen to the main menu, press Menu

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.