Security News

Apple Fixes Security Bugs in Apple TV 6.1.2 Update

Posted on June 30th, 2014 by

Apple-tvApple TV 6.1.2 has been released and includes multiple security-related fixes for 2nd generation and newer Apple TV models. This update addresses 35 security flaws altogether.

The following vulnerabilities are addressed in the Apple TV 6.1.2 update:

  • CVE-2014-1355 : An application could cause the device to unexpectedly restart. A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.
  • CVE-2014-1356 : A malicious application may be able to execute arbitrary code with system privileges. A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.
  • CVE-2014-1357 : A malicious application may be able to execute arbitrary code with system privileges. A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.
  • CVE-2014-1358 : A malicious application may be able to execute arbitrary code with system privileges. An integer overflow existed in launchd. This issue was addressed through improved bounds checking.
  • CVE-2014-1359 : A malicious application may be able to execute arbitrary code with system privileges. An integer underflow existed in launchd. This issue was addressed through improved bounds checking.
  • CVE-2014-1361 : Two bytes of memory could be disclosed to a remote attacker. An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.
  • CVE-2013-2875CVE-2013-2927CVE-2014-1323CVE-2014-1325CVE-2014-1326CVE-2014-1327CVE-2014-1329CVE-2014-1330CVE-2014-1331CVE-2014-1333CVE-2014-1334CVE-2014-1335CVE-2014-1336CVE-2014-1337CVE-2014-1338CVE-2014-1339CVE-2014-1341CVE-2014-1342CVE-2014-1343CVE-2014-1362CVE-2014-1363CVE-2014-1364CVE-2014-1365CVE-2014-1366CVE-2014-1367CVE-2014-1368CVE-2014-1382CVE-2014-1731Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-2014-1383 : An iTunes Store transaction may be completed with insufficient authorization. A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. This issue was addressed by additional enforcement of purchase authorization.

Users can download the software update by turning on your Apple TV, then go to Settings > General > Update Software.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}