Home / mailings APPLE-SA-2013-03-19-2 Apple TV 5.2.1
Posted on 19 March 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-03-19-2 Apple TV 5.2.1
Apple TV 5.2.1 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed by refusing to load an executable with overlapping
segments.
CVE-ID
CVE-2013-0977 : evad3rs
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to determine the address of
structures in the kernel
Description: An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the
prefetch abort handler is not being called from an abort context.
CVE-ID
CVE-2013-0978 : evad3rs
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A local user may be able to execute arbitrary code in the
kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers
that came from userspace. This issue was addressed by performing
additional validation of pipe object pointers.
CVE-ID
CVE-2013-0981 : evad3rs
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
