This document describes the security content of Apple TV 1.1.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Apple TV
CVE-ID: CVE-2007-2386
Available for: Apple TV
Impact: A remote attacker may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Apple TV implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. Credit to Michael Lynn of Juniper Networks for reporting this issue.
Installation note:
This update is only available directly to the Apple TV, and will not appear in your computer's Software Update application, or in the Apple Downloads site.
The Apple TV device will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it and present the user with the option to install the update immediately or later. We recommend applying the update immediately if possible. Selecting "later" will present the option about a week later when the device once again checks for available updates.
The automatic update process may take up to a week depending on the day that the Apple TV device checks for updates. Alternatively, you may manually update your Apple TV using the TV interface by selecting Settings > Update Software.
To check that the Apple TV has been updated, use the TV interface: