14 DAY TRIAL // The recently-released Apple TV is already vulnerable to online attacks as it contains a moderately critical security flaw. The hole can allow an attacker to connect to an affected system, compromise it and obtain higher privileges. Security company Secunia rated the flaw as moderately critical and sustained the only solution is to update the software to version 1.1. As you might know, you can do this by using the "Update Software" function included in any Apple TV device.
"The vulnerability is caused due to a boundary error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code," Secunia said.
Apple confirmed the vulnerability and added that the flaw will be automatically patched as part of the weekly update check. Once the device discovers an available software update, it automatically downloads and installs it without informing the users. "By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets," the Cupertino company described the flaw.
Apple TV was one of the long-awaited Apple products because it provides innovative functions that were never included in any other solution. Using the device, you can view high-quality movies straight from your Mac computer on a high-definition TV. Yesterday, Apple released an updated version of the Apple TV that contains YouTube support, allowing users to view online clips with a simple and free account. Also, Steve Jobs, Apple's CEO, announced that the online video sharing service owned by Google will be an important part of the upcoming iPhone, the mobile device that is scheduled for release on June 29.