Nov 23, 2010 13:22 GMT  ·  By

Apple has released version 4.1 of the software powering its Apple TV (2nd generation) product, which addresses critical security issues in several components.

Five vulnerabilities, the most severe of which can allow for the execution of arbitrary code on the system, were identified and patched in the FreeType font engine.

FreeType is a popular open source library used by many software projects in order to support font-related operations.

One of the two vulnerabilities used by the JailbreakMe service to jailbreak the first iOS 4.0 devices was located in FreeType.

In addition, the new Apple TV software fixes two separate flaws in libpng, which can also be exploited to execute arbitrary code.

Like FreeType, libpng is a third-party developed library. It supports the features of the PNG format and is also incorporated in a vast array of applications, including browsers, image viewers, office applications and even games.

In order to resolve the two vulnerabilities, the libpng version used in the Apple TV software was updated to 1.4.3, which was released by the PNG Development Group back in June.

The Apple TV update was released at the same time as the new iOS 4.2.1, which also addresses numerous security issues and brings new features like the much-anticipated AirPlay.

The Apple TV (2nd generation) shares the same A4 system-on-a-chip with the iPhone 4, iPad and iPod touch (4th gen), the Apple TV software actually being a custom iOS build.

As a result, most iOS jailbreaking tools currently support Apple TV, although the possibility of running something practical on the device is so far limited to a few widgets.

No jailbreak for the Apple TV software update 4.1 has yet been announced, but we're confident that it will be made available shortly. The iOS hackers are busy on getting an untethered jailbreak for iPhone 4, iPad and iPod touch out first.