Security hole closed in Apple TV
In addition to adding YouTube support to version 1.1 of the Apple TV set-top box, the update also closes a critical security hole. Apple says that the hole could be exploited to inject and execute code on the device.
The problem is caused by a flaw in Apple's implementation of the Internet Gateway Device Standardized Device Control Protocol, which the device uses to tell a router via UPnP which ports to open, among other things. A buffer overflow occurs in Apple TV during the handling of certain UPnP packets; this vulnerability allows code to be written onto the application's stack and executed. The security advisory says that it is also possible to exploit this vulnerability remotely. It is not yet clear, however, whether "remote" means that attacks could come only from the LAN or also from the internet. Normally, UPnP packets are not routed over the internet. UPnP has repeatedly caused security concerns because its port mapping function allows devices to punch their own holes in firewalls and filters. In addition, router implementations often contain an error that allows the routers to be misused as proxies or relays.
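The advisory does not say which UPnP field was mishandled, so the following is an added example, not Apple's code: it shows the length check whose absence lets a network-supplied value overrun a fixed-size stack buffer. The helper name `copy_header_value`, the choice of the `Location` header and the sample packet are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an SSDP search response of the kind a gateway sends. */
static const char SAMPLE[] =
    "HTTP/1.1 200 OK\r\n"
    "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    "Location: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n";

/* Hypothetical helper. Returns 0 on success, -1 if the header is absent,
 * -2 if the value does not fit in out (rejected; out is left untouched). */
int copy_header_value(const char *pkt, size_t pkt_len, const char *name,
                      char *out, size_t out_cap)
{
    size_t name_len = strlen(name), pos = 0, i;
    while (pos < pkt_len) {
        const char *line = pkt + pos;   /* never read past pkt_len */
        const char *eol = memchr(line, '\n', pkt_len - pos);
        size_t line_len = eol ? (size_t)(eol - line) : pkt_len - pos;
        pos += line_len + 1;
        if (line_len > 0 && line[line_len - 1] == '\r')
            line_len--;
        if (line_len <= name_len || line[name_len] != ':')
            continue;
        for (i = 0; i < name_len; i++)   /* case-insensitive name match */
            if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
                break;
        if (i < name_len)
            continue;
        const char *val = line + name_len + 1;
        size_t val_len = line_len - name_len - 1;
        while (val_len > 0 && (*val == ' ' || *val == '\t'))
            val++, val_len--;
        /* The sender controls val_len: compare it with the buffer size first. */
        if (val_len >= out_cap)
            return -2;
        memcpy(out, val, val_len);
        out[val_len] = '\0';
        return 0;
    }
    return -1;
}

int main(void)
{
    char loc[64] = "";
    int rc = copy_header_value(SAMPLE, sizeof SAMPLE - 1, "LOCATION", loc, sizeof loc);
    return printf("rc=%d value=%s\n", rc, loc) < 0;
}
```

An oversized value is rejected outright rather than truncated, so a caller never acts on a partial URL.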
The update that remedies the hole is installed automatically. However, the automatic update function in Apple TV only checks for new updates once a week, so it may be a few days before your system finds and installs this update. Fortunately, you can also have the update installed manually.
- About the security content of Apple TV 1.1, Apple's security advisory