Apple fixes security vulnerabilities with Apple TV 5.1 update
Less than one week after iOS 6 arrived, Apple has released Update 5.1 for its 2nd and 3rd generation iOS-based Apple TV devices, adding several new features and closing a number of important security holes. According to Apple, Apple TV 5.1 addresses a total of 21 problems, some of which could be exploited by a remote attacker to, for example, cause a denial-of-service (DoS), determine which networks a device has previously accessed, or even execute arbitrary code on the device.
These include vulnerabilities in the LibXML library used by Apple TV, memory corruption problems in JavaScriptCore and the LibPNG library, a stack buffer overflow in ICU locale ID handling, an integer overflow, a double free bug in ImageIO's handling of JPEG images and a buffer overflow in the LibTIFF library. For an attack to be successful, a victim must connect to a malicious Wi-Fi network, or open a specially crafted movie or image file.
Non-security related changes in the update include new screen savers, improvements to movie trailers, and support for Shared Photo Streams, SDH subtitles and iTunes account switching. Support for advanced network options using configuration profiles has also been added.
Further details on these vulnerabilities can be found in the company's security advisory. Apple TVs periodically check for updates automatically and will alert users when an update is available; however, users can also manually update their 2nd and 3rd generation Apple TVs by selecting Settings ➤ General ➤ Software update.
See also:
- About the security content of Apple TV 5.1, security advisory from Apple.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
