Apple TV 6.0.2 Update Fixes SSL Flaw
Posted on by Derek Erwin
Last week, Apple released a software update for Apple TV with fixes for an SSL connection verification bug (CVE-2014-1266). This update brings Apple TV to version 6.0.2, and is Apple’s first security update for the product in 2014.
This update is available for: Apple TV 2nd generation and later.
In conjunction with the Apple TV 6.0.2 update, the company released iOS updates with fixes for the same SSL flaw. Apple noted that the vulnerability allows “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.”
Apple further described the SSL flaw as follows:
CVE-2014-1266 : Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Users can download the software update by turning on your Apple TV, then go to Settings > General > Update Software.