Technology news and Jobs 
Information Technology News Apple TV security fixes - better late than never?
Information Technology News Apple TV security fixes - better late than never? | Apple TV security fixes - better late than never? |
|
| Information technology news - Security | |
| by Stephen Withers | |
| Friday, 11 July 2008 | |
|
Page 1 of 2       
Apple TV 2.1 is designed to remove half a dozen vulnerabilities. Their most common cause? Our old favourite: buffer overflows leading to crashes or arbitrary code execution. Improved bounds checking and data validation in the new software fixes five of the six vulnerabilities, which could be exploited by maliciously formed movie, QuickTime or PICT. The remaining issue concerned the way QuickTime handles URLs. The software now refuses to open local files or applications specified in file: URLs. While this stops malicious content from triggering program execution, it also prevents legitimate use of the capability. (Better safe than sorry?) Three of the bugs were reported to Apple by Tipping Point's Zero Day Initiative, which buys vulnerability information from security researchers and then engages in a 'responsible disclosure' dialogue with the vendor concerned. Apple has a reputation for being less than speedy when it comes to security updates. Of the six vulnerabilities covered by the Apple TV update, all have previously been fixed by QuickTime updates for Mac OS X and Windows. Just how long has Apple held back on security updates for the Apple TV? Please read on. |
|
| < Next story in category | Previous story in the category > |
|---|
