Apple has patched 33 problems, collectively named in 58 CVEs, in its latest TV-enhancing computer-puck, of which 10 enable arbitrary code execution, six with system privileges. 32 of the flaws hit third-generation Apple TV devices and just one its newer, fatter, fourth-gen beast. The good news is that the changes will automagically appear for those users with automatic updates turned on. The rest are susceptible to nasties like a memory corruption flaw (CVE-2015-5776) that allows remote attackers to gain arbitrary code execution or crash applications. Another three holes in an old version of libxml2 allow remote denial of service (CVE-2012-6685, CVE-2014-0191 and CVE-2014-3660 reported by Google’s Felix Groebert).
View full story
ORIGINAL SOURCE: The Register