On Thursday, July 10, 2008, Apple released Apple TV 2.1, which addresses the following security issues.

Type: Data reference atoms; Unexpected application termination; Arbitrary code execution; Heap buffer overflow
Platform: Apple TV
Resolution: Improved validation of data reference atoms
Credit: Chris Ries of Carnegie Mellon University Computing Services

Type: crgn atoms; Unexpected application termination; Arbitrary code execution; Malicious movie file; Heap buffer overflow
Platform: Apple TV
Resolution: Improved bounds checking
Credit: Credit to Sanbin Li working with TippingPoint's Zero Day Initiative

Type: chan atoms; Unexpected application termination; Arbitrary code execution; Malicious movie file; Heap buffer overflow
Platform: Apple TV
Resolution: Improved bounds checking
Credit: Credit to anonymous working with TippingPoint's Zero Day Initiative

Type: URL handling; Unexpected application termination; Arbitrary code execution; Malicious QuickTime content
Platform: Apple TV
Resolution: Disable launching of local applications and files
Credit: Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day Initiative

Type: HTTP responses via RTSP tunneling; Unexpected application termination; Arbitrary code execution; Malicious QuickTime content; Heap buffer overflow
Platform: Apple TV
Resolution: Disable launching of local applications and files
Credit: NA

Type: Malicious PICT image; Unexpected application termination; Arbitrary code execution; Buffer overflow
Platform: Apple TV
Resolution: Terminate decoding before buffer overflow
Credit: Chris Ries of Carnegie Mellon University Computing Services

Detailed information can be found in the following Apple Knowledge Base document: http://support.apple.com/kb/HT2304
###
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
--------------------
Office: 541-335-7441