November 27, 2014

New Apple TV software released with security fixes

(LiveHacking.Com) –  Apple has published V5.1.1 of its Apple TV software to fix two security issues. The software, which is available for Apple TV 2nd generation devices and later, addresses just two issues one of which could lead to arbitrary code execution.

The first issue fixes an information disclosure issue that existed in the handling of APIs related to kernel extensions. Responses containing a OSBundleMachOHeaders key may have included kernel addresses. These exposed addresses could help hackers bypass address space layout randomization protection. The exact same bug, which was found by Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers, was fixed in iOS 6.0.1 earlier this month.

The second vulnerability fixed is part of WebKit. A time of check to time of use issue existed in the handling of JavaScript arrays. To exploit it a hacker would need a privileged network position and if successful it could cause an unexpected application termination or arbitrary code execution. Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint’s Zero Day Initiative are credited for the find and like the previous bug it was also fixed in iOS 6.0.1.

To check to see which version of of the OS your device is using , select ”Settings -> General -> About”. Most users won’t need to do anything as Apple TV will regularly check for software updates. Alternatively, you may manually check for software updates by selecting ”Settings -> General -> Update Software”.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks