In association with heise online

11 July 2008, 09:50

Apple makes its TV service safer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released a security update for its Apple TV streaming box and iTunes living room client in order to close six critical security holes. The vendor says that attackers could inject and execute arbitrary code in the device when specially crafted movies are played back. As a result, the unit could be used to purchase iTunes music or be integrated in a bot network as a zombie. The holes are at least partly the result of flaws in the handling of chan and crgn atoms, which lead to buffer overflows. Furthermore, two flaws in QuickTime are related to the handling of certain URLs and RTSP tunnels. Specially crafted PICT images can also provoke a buffer overflow.

The update to version 2.1 is now available for downloading. However, the automatic update function in Apple TV only checks for new updates once a week, so it may take a few days before your system finds and installs this update. Fortunately, you can also install the update manually.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit