Languages

Archived - About the security content of Apple TV 2.1

This document describes the security content of Apple TV 2.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

This article has been archived and is no longer updated by Apple.

Apple TV 2.1

  • Apple TV

    CVE-ID: CVE-2008-1015

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the handling of data reference atoms may result in a buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of data reference atoms. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-1017

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the parsing of 'crgn' atoms may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Sanbin Li working with TippingPoint's Zero Day Initiative for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-1018

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the parsing of 'chan' atoms may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-1585

    Available for: Apple TV

    Impact: Playing maliciously crafted QuickTime content may lead to arbitrary code execution

    Description: A URL handling issue exists in the handling of file: URLs. This may allow arbitrary applications and files to be launched when a user plays maliciously crafted QuickTime content. This update addresses the issue by no longer launching local applications and files. Credit to Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day Initiative for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-0234

    Available for: Apple TV

    Impact: Playing maliciously crafted QuickTime content may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of HTTP responses when RTSP tunneling is enabled. Playing maliciously crafted QuickTime content may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

  • Apple TV

    CVE-ID: CVE-2008-0036

    Available for: Apple TV

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

Last Modified: Nov 6, 2011
Helpful?
Yes
No
  • Last Modified: Nov 6, 2011
  • Article: HT2304
  • Views:

    2309
  • Rating:
    • 100.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked