Apple patches major security bug on Apple TV via 6.0.2 update

by Roshan on February 23, 2014


IMG 31612 Apple patches major security bug on Apple TV via 6.0.2 update

This Friday, Apple revealed a major security glitch in Apple’s iOS devices, relatated to SSL implementation. Later analysts looked into it only to find that OS X and Apple TV are also affected and that it is an easily exploitable yet a seriously injurious one.

The bug seems to result in failed validation of SSL certification of sites. And for users that would mean, many data which are supposed to be secure are being transferred un-encrypted. Though domain access seems to be protected, direct SSL connections to IP addresses was found to be exploitable. So a hacker’s access to data used through Safari is unlikely, but to that through apps is possible as most of them communicates directly with their servers. And that is why Apple TV apps can also be affected.

Apple describes the vulnerability as follows:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

You can read more on the bug here.

But no worries, Apple is quick to seal the bleed and released new software updates for the affected devices. 7.0.6 for iOS devices, 6.1.6 for older iOS devices and 6.0.2 for Apple TV 2 and 3 are now available. You can goto Settings > General > Software update to check for and install the new firmware.

best atv games banner Apple patches major security bug on Apple TV via 6.0.2 update

However OS X bug is still unrepaired, during the time of writing. You can quickly browse to gotofail.com to find out if any of your device is vulnerable. If yes, I recommend you guys to update immediately. Else any hacker could pose as a secure site and pull you data.

IMG 16856 Apple patches major security bug on Apple TV via 6.0.2 update

Now, though things have settled a bit for users, they are far from over for Apple. It is still uncertain as to when the bug was introduced (surely before iOS 6) and whether anybody has already been victim to unauthorized access. Many developers have explained on their blogs as to how the bug works and how it could be exploited and this could pose a great threat to those who haven’t patched it yet.

On the other hand, some are accusing this to be an intentional backdoor for NSA access while others are wondering if there are more such simple, unnoticed security breach roads. Only time will tell if Apple will shine above these dark clouds or get buried in lawsuits.

Be sure to follow Apple TV Hacks on Facebook, Twitter and Google+ for all the latest Apple TV-related news.

Source Neowin
  • Todd

    “Get buried in lawsuits” It’s funny that we don’t hear this kind of rubbish with the security holes that are patched monthly for Windows. Making mountains out of mole hills I say.

  • Euan Lake

    Has someone confirmed whether this update breaks the PlexConnect functionality?

  • Sam

    If plex is finished I might as well threo my Apple TV out the window.

  • jabohn

    It seems that since the 6.0.2 update, movie restrictions are ignored and always ask for a password for movies higher than PG, no matter what setting you have. Only once you turn restrictions off does it stop asking for the password. I’ve seen this on 2 appletvs this week since the latest update.

Previous post:

Next post: