Skip to main content

Apple TV Multiple Vulnerabilities

Last Update Date: 12 Mar 2014 12:33 Release Date: 12 Mar 2014 3838 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Apple TV, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.

  1. An error exists when handling code signature validation of text relocation instructions in dynamic libraries within the dyld component, which can be exploited to bypass certain code signing requirements.
  2. An error exists when handling JPEG2000 images in PDF files within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted PDF file.
  3. An error related to libtiff exists within the ImageIO component.
  4. An error related to libjpeg exists within the ImageIO component.
  5. An error exists when handling USB messages within the USB Host component, which can be exploited to cause memory corruption.
  6. Multiple unspecified errors within the WebKit component can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities #2, #3, #5 and #6 may allow execution of arbitrary code.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to 6.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 6.1

Vulnerability Identifier


Source


Related Link