Apple TV 6.1.2 has been released and includes multiple security-related fixes for 2nd generation and newer Apple TV models. This update addresses 35 security flaws altogether.
The following vulnerabilities are addressed in the Apple TV 6.1.2 update:
CVE-2014-1355 : An application could cause the device to unexpectedly restart. A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.
CVE-2014-1356 : A malicious application may be able to execute arbitrary code with system privileges. A heap buffer overflow existed in launchd’s handling of IPC messages. This issue was addressed through improved bounds checking.
CVE-2014-1357 : A malicious application may be able to execute arbitrary code with system privileges. A heap buffer overflow existed in launchd’s handling of log messages. This issue was addressed through improved bounds checking.
CVE-2014-1358 : A malicious application may be able to execute arbitrary code with system privileges. An integer overflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-2014-1359 : A malicious application may be able to execute arbitrary code with system privileges. An integer underflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-2014-1361 : Two bytes of memory could be disclosed to a remote attacker. An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.
CVE-2014-1383 : An iTunes Store transaction may be completed with insufficient authorization. A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. This issue was addressed by additional enforcement of purchase authorization.
To download the software update, turn on your Apple TV, then go to Settings > General > Update Software.