Apple TV vulnerabilities closed after being watched for months

Apple TV vulnerabilities closed after being watched for months

Summary: Apple has closed off 21 vulnerabilities in Apple TV today despite knowing about many of them for months in advance.

SHARE:
TOPICS: Security, Apple
2

Apple has been going on a patching spree, releasing updates to close vulnerabilities in iTunes, iOS, OS X, and now even its Apple TV offering.

The Cupertino, California-based company released a security bulletin today, revealing the closure of 21 vulnerabilities affecting Apple TV.

The majority of the vulnerabilities affect how Apple TV handles certain specially crafted images or movies, which can result in the underlying software either crashing, or allowing arbitrary code to be executed. A number of vulnerabilities date back to 2011.

Despite many of these vulnerabilities also allowing for arbitrary code to be executed, and the company clearly being aware of their existence, as evidenced by it patching them in other Apple products, they were only closed in this most recent update.

For example, an Apple TV vulnerability that meant that a malicious TIFF file could allow arbitrary code to be executed was reported by a member of the public on March 21, 2011, and assigned the vulnerability identifier CVE-2011-1167. It was later closed in an update to OS X Lion 10.7.3, which, according to the date of the security bulletin, indicates that Apple was aware of the issue as early as February 1, 2012.

According to the security bulletin, Apple TV will periodically check for software updates on its own, although users can manually force a check themselves.

Apple also recently released security patches for OS X Mountain Lion and OS X Lion to close off 34 vulnerabilities.

Some of the more significant issues included a bug where a locally logged-in user could allow another user to attempt to log in and in doing so steal their log-in credentials; and on Lion systems, attackers could decrypt data even if it was protected by SSL.

Topics: Security, Apple

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Whoop whoop

    A good fix finally! Always wondered why for no reason a show would just drop out! Our DigiRAW.com customers will be very pleased. Good article share.
    Love My Apple TV and ripped disc collection
  • Okay!...

    And Apple fanboys used to blame Microsoft for holding up on vuln fixes? Not that I give a flying fickle finger of fate; but HEY! That was all I heard for years, and I was tired of it - so now turn around is fair play.
    JCitizen