14 DAY TRIAL // According to a new technical note uploaded by Apple on the Support area of its web site, iOS 4.1 for Apple TV fixes a number of issues in FreeType (a TrueType rendering engine), as well as multiple vulnerabilities in libpng (the official PNG reference library).
FreeType is a portable and highly efficient TrueType rendering engine that is used to bring TrueType support to a very large variety of platforms and environments, be they font servers, graphics libraries or embedded systems.
The Apple TV implementation of the software apparently suffered from a few flaws, the most serious of which may lead to arbitrary code execution in certain scenarios. The flaw was found in version 4.0 of the Apple TV software, and is fixed in iOS 4.1, Apple claims.
The flaw is described as follows:
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities exist in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/
The second addressed issue in iOS 4.1 for Apple TV is described as follows:
Impact: Multiple vulnerabilities in libpng
Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
Although reports indicate that Apple has rolled out version 4.1 of the Apple TV firmware, the download link made available by Apple indicates users are dealing with a version 4.2 of the Apple TV iOS.
Regardless of this aspect, it is known that the new iOS for Apple TV adds support for AirPlay, the feature which permits iOS devices to stream music, photos and videos to the set-top box, as well as support for VoiceOver, a function originating from Mac OS X which reads menu and content descriptions out loud for the visually impaired.