Home / mailings APPLE-SA-2013-01-28-2 Apple TV 5.2
Posted on 28 January 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-2 Apple TV 5.2
Apple TV 5.2 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The kernel has checks to validate that the user-mode
pointer and length passed to the copyin and copyout functions would
not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Apple TV
Available for: Apple TV 2nd generation
Impact: A remote attacker on the same WiFi network may be able to
cause an unexpected system termination
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
