About the security content of Apple TV 4.2

This document describes the security content of Apple TV 4.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

Apple TV 4.2

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Multiple vulnerabilities in FreeType

    Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/

    CVE-ID

    CVE-2010-3855

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-0191 : Apple

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

    CVE-ID

    CVE-2011-0192 : Apple

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: A server may be able to identify a device across connections

    Description: The IPv6 address chosen by the device contains the device's MAC address when using stateless address autoconfiguration (SLAAC). An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections.

  • Apple TV

    Available for: Apple TV 4.0 and 4.1

    Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset

    Description: A bounds checking issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset.

    CVE-ID

    CVE-2011-0162 : Scott Boyd of ePlus Technology, inc.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: