IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers.
Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution, information disclosure, crash of the application, modifications to protect parts of the filesystem.
This new release of Apple TV version 7.2.1, comes 10 months after the lasted update issued in April 2015. The new version fixes a number of security vulnerabilities in several components of the Apple TV. The company has patched 33 issued, collectively referenced in 58 CVEs, Apple fixed 19 code execution holes that could be exploited with crafted web content.
The changes will be automatically applied to the users that have enabled the automatic updates.
The experts at Apple solved serious security issued residing in the WebKit, the kernel, the third-party app sandbox, Office Viewer, IOKit, ImageIO, FontParser, DiskImages, bootp, CloudKit, and other libraries.
A close look at the list of security holes reveals the presence of a memory corruption flaw (CVE-2015-5776) that could be exploited to by a remote attacker to gain arbitrary code execution or crash applications. Other security vulnerabilities could be triggered by attackers using malicious or malformed DMG files, plists, and apps.
The new release included a series of fixes that Apple has released over the time for other products, the company is spending a significant effort to design a new generation of devices with improved security and that meets strict requirements in term of security.
Recently the company refused to hack into the San Bernardino shooter’s iPhone, and while the dispute with the FBI is going on, it has been reported that Apple is working on a new model that will be impossible to hack.
(Security Affairs – Apple TV, hacking)