Apple TV security fixes - better late than never?

User Rating: / 1
PoorBest 

by Stephen Withers

Friday, 11 July 2008

Page 1 of 2 ! Despite the flurry of activity surrounding the iPhone 3G launch, Apple hasn't been ignoring its other product lines. A software update for Apple TV plugs multiple security holes. Related stories MacBook touch - here's hoping it's not a pipe dream Google goes to 'Android Market' in App Store challenge Why iPhone 2.0.2 fixed problems for some users Why Pod when you can Plum? Psystar Wars: Attack of the Clones Apple TV 2.1 is designed to remove half a dozen vulnerabilities. Their most common cause? Our old favourite: buffer overflows leading to crashes or arbitrary code execution. Improved bounds checking and data validation in the new software fixes five of the six vulnerabilities, which could be exploited by maliciously formed movie, QuickTime or PICT. The remaining issue concerned the way QuickTime handles URLs. The software now refuses to open local files or applications specified in file: URLs. While this stops malicious content from triggering program execution, it also prevents legitimate use of the capability. (Better safe than sorry?) Three of the bugs were reported to Apple by Tipping Point's Zero Day Initiative, which buys vulnerability information from security researchers and then engages in a 'responsible disclosure' dialogue with the vendor concerned. Apple has a reputation for being less than speedy when it comes to security updates. Of the six vulnerabilities covered by the Apple TV update, all have previously been fixed by QuickTime updates for Mac OS X and Windows. Just how long has Apple held back on security updates for the Apple TV? Please read on. << First page <   1 2 Next page > Last page - Post your comment >>

 

< Next story in category		Previous story in the category >