Apple today released a minor software update for the 3rd generation of its set-top box. Apart from the usual “general performance and stability improvements”, Apple TV 7.0.2 software update also contains the following security fixes:
- Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution.
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
- Impact: A local user may be able to execute unsigned code.
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
- Impact: A malicious application may be able to execute arbitrary code with system privileges.
Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.