Focus on Apple
Apple releases Apple TV 2.1 Jul 13 2008 05:02PM
Todd Woodward (todd_woodward symantec com)
On Thursday, July 10, 2008, Apple released Apple TV 2.1 which addresses the following security issues.

Type: Data reference atoms; Unexpected application termination; Arbitrary code execution; Heap buffer overflow.
Platform: Apple TV
Resolution: Improved validation of data reference atoms
Credit: Chris Ries of Carnegie Mellon University Computing Services

Type: crgn atoms; Unexpected application termination; Arbitrary code execution; Malicious movie file; Heap buffer overflow
Platform: Apple TV
Resolution: Improved bounds checking
Credit: Credit to Sanbin Li working with TippingPoint's Zero Day Initiative

Type: chan atoms; Unexpected application termination; Arbitrary code execution; Malicious movie file; Heap buffer overflow
Platform: Apple TV
Resolution: Improved bounds checking
Credit: Credit to anonymous working with TippingPoint's Zero Day Initiative

Type: URL handling; Unexpected application termination; Arbitrary code execution; Malicious Quicktime content
Platform: Apple TV
Resolution: Disable launching of local applications and files
Credit: Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day Initiative

Type: HTTP responses via RTSP tunneling; Unexpected application termination; Arbitrary code execution; Malicious Quicktime content; Heap buffer overflow
Platform: Apple TV
Resolution: Disable launching of local applications and files
Credit: NA

Type: Malicious PICT image; Unexpected application termination; Arbitrary code execution; Buffer overflow
Platform: Apple TV
Resolution: Terminate decoding before buffer overflow
Credit: Chris Ries of Carnegie Mellon University Computing Services

Detailed information can be found in the following Apple Knowledge Base document: http://support.apple.com/kb/HT2304

###

Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
--------------------
Office: 541-335-7441

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus