Languages

About the security content of Apple TV 4.2

This document describes the security content of Apple TV 4.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

Apple TV 4.2

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Multiple vulnerabilities in FreeType

    Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/

    CVE-ID

    CVE-2010-3855

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-0191 : Apple

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-0192 : Apple

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: A server may be able to identify a device across connections

    Description: The IPv6 address chosen by the device contains the device's MAC address when using stateless address autoconfiguration (SLAAC). An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections.

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset

    Description: A bounds checking issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset.

    CVE-ID

    CVE-2011-0162 : Scott Boyd of ePlus Technology, inc.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: May 30, 2012
Helpful?
Yes
No
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Print this page
  • Last Modified: May 30, 2012
  • Article: HT4565
  • Views:

    89251
  • Rating:
    • 71.0

    (894 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked