Apple TV Security Update

Apple has released their first security update for Apple TV. According the bulletin a remote attacker can cause a denial of service attack or arbitrary code execution.

This patches the same flaw that was plugged in OS X last month.

At first I thought this was interesting but probably not a problem. Apple TV’s seem limited in what they can do plus they usually reside on a home network behind a NAT router. Apparently this isn’t entirely true and will become even less true as features such as viewing YouTube videos and (maybe) movie rentals are added to Apple TV. Plus the vulnerability exists in UPnP IDG (Universal Plug ‘n Play Internet Device Gateway) which is used by many NAT routers to enable devices like Apple TV to get on the Internet. At least one security researcher was quoted as saying this is a serious flaw.

The update is only available through Apple TV’s self-update feature. Apple TV checks for updates on a weekly schedule so it may be up to a week before it receives the update. You can also manually trigger the update by selecting Settings -> Update Software from the menu.

After applying the update the software version will be 1.1. You can check the version by selecting Settings -> About from the menu.