About the security content of Apple TV 2.1

This document describes the security content of Apple TV 2.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Apple TV 2.1

  • Apple TV

    CVE-ID: CVE-2008-1015

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the handling of data reference atoms may result in a buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of data reference atoms. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-1017

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the parsing of 'crgn' atoms may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Sanbin Li working with TippingPoint's Zero Day Initiative for reporting this issue.

  • Apple TV

    CVE-ID: CVE-2008-1018

    Available for: Apple TV

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An issue in the parsing of 'chan' atoms may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
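The three atom-parsing entries above (data reference atoms, 'crgn' atoms and 'chan' atoms) share one root cause: a length field taken from the movie file drives a copy into memory without being checked against the data actually present or the destination buffer. The following C walker is an added illustration of the "improved bounds checking" the advisory describes; it is not Apple's or QuickTime's code. It assumes the standard QuickTime atom layout (4-byte big-endian size including the header, then a 4-byte type, with size 1 meaning a 64-bit size follows and size 0 meaning "to end of data"), a hypothetical fixed 64-byte destination buffer for region payloads, and constructed sample atoms built in the demo functions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Outcomes of walking an atom sequence. Every malformed length field maps to
   a distinct, non-fatal error instead of an out-of-bounds read or write. */
enum atom_status {
    ATOM_OK = 0,
    ATOM_ERR_TRUNCATED_HEADER = 1,   /* fewer bytes left than a header needs   */
    ATOM_ERR_SIZE_TOO_SMALL = 2,     /* size < header size: would underflow    */
    ATOM_ERR_SIZE_EXCEEDS_DATA = 3,  /* size runs past the end of the input    */
    ATOM_ERR_PAYLOAD_TOO_LARGE = 4   /* payload larger than the fixed buffer   */
};

#define MAX_REGION_PAYLOAD 64        /* hypothetical fixed-size destination    */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copy an atom payload into a fixed buffer only after confirming it fits.
   Returns bytes copied, or -1 when the payload is too large. */
static int copy_region_payload(const uint8_t *payload, size_t payload_len,
                               uint8_t *out, size_t out_len) {
    if (payload_len > out_len) return -1;
    memcpy(out, payload, payload_len);
    return (int)payload_len;
}

/* Walk a flat sequence of atoms in data[0..len). Atoms whose type matches
   `type` have their payload copied with a bounds check; *count receives the
   number of atoms successfully visited. */
enum atom_status walk_atoms(const uint8_t *data, size_t len,
                            const char type[4], size_t *count) {
    uint8_t region[MAX_REGION_PAYLOAD];
    size_t off = 0;
    *count = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 8) return ATOM_ERR_TRUNCATED_HEADER;
        uint64_t size = read_be32(data + off);
        size_t hdr = 8;
        if (size == 1) {                      /* 64-bit extended size follows */
            if (remaining < 16) return ATOM_ERR_TRUNCATED_HEADER;
            size = ((uint64_t)read_be32(data + off + 8) << 32) |
                   read_be32(data + off + 12);
            hdr = 16;
        } else if (size == 0) {               /* atom extends to end of data  */
            size = remaining;
        }
        /* The two checks that turn a crafted size field into a clean error. */
        if (size < hdr) return ATOM_ERR_SIZE_TOO_SMALL;
        if (size > remaining) return ATOM_ERR_SIZE_EXCEEDS_DATA;
        (*count)++;
        if (memcmp(data + off + 4, type, 4) == 0) {
            if (copy_region_payload(data + off + hdr, (size_t)(size - hdr),
                                    region, sizeof region) < 0)
                return ATOM_ERR_PAYLOAD_TOO_LARGE;
        }
        off += (size_t)size;
    }
    return ATOM_OK;
}

/* Write one constructed atom: the caller chooses the declared size field
   independently of the payload actually written, so malformed files can be
   built deliberately. Returns the number of bytes written. */
static size_t put_atom(uint8_t *buf, uint32_t declared_size,
                       const char type[4], size_t payload_len) {
    buf[0] = (uint8_t)(declared_size >> 24); buf[1] = (uint8_t)(declared_size >> 16);
    buf[2] = (uint8_t)(declared_size >> 8);  buf[3] = (uint8_t)declared_size;
    memcpy(buf + 4, type, 4);
    memset(buf + 8, 0xAA, payload_len);       /* constructed filler payload   */
    return 8 + payload_len;
}

/* Constructed sample: a small 'ftyp' atom followed by a well-formed 'crgn'. */
int demo_well_formed(void) {
    uint8_t buf[256]; size_t n = 0, count;
    n += put_atom(buf + n, 16, "ftyp", 8);
    n += put_atom(buf + n, 24, "crgn", 16);
    return (int)walk_atoms(buf, n, "crgn", &count);
}
/* Constructed sample: size field claims 4096 bytes, only 24 are present. */
int demo_oversized_size_field(void) {
    uint8_t buf[256]; size_t n = put_atom(buf, 0x1000, "crgn", 16), count;
    return (int)walk_atoms(buf, n, "crgn", &count);
}
/* Constructed sample: size field smaller than the header itself. */
int demo_tiny_size_field(void) {
    uint8_t buf[256]; size_t n = put_atom(buf, 4, "crgn", 16), count;
    return (int)walk_atoms(buf, n, "crgn", &count);
}
/* Constructed sample: consistent size, but payload exceeds the fixed buffer. */
int demo_payload_too_large(void) {
    uint8_t buf[256]; size_t n = put_atom(buf, 108, "crgn", 100), count;
    return (int)walk_atoms(buf, n, "crgn", &count);
}

int main(void) {
    printf("well-formed: %d, oversized: %d, tiny: %d, too-large payload: %d\n",
           demo_well_formed(), demo_oversized_size_field(),
           demo_tiny_size_field(), demo_payload_too_large());
    return 0;
}
```

The size-versus-remaining check is what keeps an attacker-chosen length from reading past the input, and the payload-versus-buffer check is what keeps it from writing past the destination; the walker also refuses sizes below the header length, which would otherwise make the loop stall or wrap the offset.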

  • Apple TV

    CVE-ID: CVE-2008-1585

    Available for: Apple TV

    Impact: Playing maliciously crafted QuickTime content may lead to arbitrary code execution

    Description: A URL handling issue exists in the handling of file: URLs. This may allow arbitrary applications and files to be launched when a user plays maliciously crafted QuickTime content. This update addresses the issue by no longer launching local applications and files. Credit to Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D. (pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day Initiative for reporting this issue.
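The fix above works by refusing to launch local applications and files from URLs embedded in media. One defensive way to express that policy in code is a scheme allowlist that parses the scheme according to the RFC 3986 grammar (a letter followed by letters, digits, '+', '-' or '.') and accepts only network media schemes. The function below is an added example, not Apple's or QuickTime's code; the allowlist of http, https and rtsp and the sample URLs are assumptions and constructed inputs.

```c
#include <ctype.h>
#include <string.h>
#include <stddef.h>

/* Return 1 when the URL's scheme is on the allowlist, 0 otherwise. Anything
   that does not parse as a scheme (no ':' delimiter, illegal characters,
   over-long scheme) is rejected rather than guessed at, so a local path or a
   file: URL never reaches a launcher. Scheme comparison is case-insensitive
   because URL schemes are. */
int url_scheme_allowed(const char *url) {
    static const char *const allowed[] = { "http", "https", "rtsp" }; /* assumed policy */
    char scheme[16];
    size_t i;

    while (*url == ' ' || *url == '\t') url++;         /* tolerate leading whitespace */
    if (!isalpha((unsigned char)url[0])) return 0;     /* scheme must start with a letter */

    for (i = 1; url[i] != '\0' && url[i] != ':'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (!(isalnum(c) || c == '+' || c == '-' || c == '.')) return 0;
    }
    if (url[i] != ':') return 0;                       /* no delimiter: not a URL */
    if (i >= sizeof scheme) return 0;                  /* absurdly long scheme */

    for (size_t k = 0; k < i; k++)
        scheme[k] = (char)tolower((unsigned char)url[k]);
    scheme[i] = '\0';

    for (size_t k = 0; k < sizeof allowed / sizeof allowed[0]; k++)
        if (strcmp(scheme, allowed[k]) == 0) return 1;
    return 0;
}

/* Constructed inputs covering the cases a media player would meet. */
int demo_http(void)        { return url_scheme_allowed("http://media.example.invalid/clip.mov"); }
int demo_https_upper(void) { return url_scheme_allowed("HTTPS://media.example.invalid/clip.mov"); }
int demo_file(void)        { return url_scheme_allowed("file:///tmp/constructed-example"); }
int demo_file_upper(void)  { return url_scheme_allowed("  FILE:///tmp/constructed-example"); }
int demo_bare_path(void)   { return url_scheme_allowed("/tmp/constructed-example"); }
int demo_bad_chars(void)   { return url_scheme_allowed("ht tp://media.example.invalid/"); }
```

Because the check is an allowlist rather than a denylist of "file:", a scheme the player has no business launching (a mailer, a custom application handler, or a future scheme) is refused by default rather than overlooked.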

  • Apple TV

    CVE-ID: CVE-2008-0234

    Available for: Apple TV

    Impact: Playing maliciously crafted QuickTime content may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of HTTP responses when RTSP tunneling is enabled. Playing maliciously crafted QuickTime content may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

  • Apple TV

    CVE-ID: CVE-2008-0036

    Available for: Apple TV

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

Published date: