After a botched software update over the weekend, Apple re-released version 6.0 of its Apple TV product last night, replete with the requisite bells and whistles but not without a slew of security updates and bug fixes.
Most of the patches prevent unexpected application termination and arbitrary code execution that can result when viewing or opening malicious PDF files and movie files on the system.
Two kernel issues discovered by Stefan Esser that could exploit an information disclosure issue and a memory corruption issue in Apple TV and lead to either privilege escalation or unexpected termination are also fixed by the update.
Several flaws addressed in last week’s iOS 7 update also figure into the 6.0 update, including a denial of service bug discovered by Marc Heuse in 2011 involving specially crafted IPv6 ICMP packets and separate issues in the libxslt and libxml libraries.
24 of the 57 bugs were discovered by researchers with Google, 20 of those coming from researchers with the company’s Chrome Security Team. 37 of the 57 bugs deal with memory corruption issues in WebKit and were also discovered by noted Chrome researchers like Sergey Glazunov and miaubiz.
The update was initially pushed to users on Saturday but pulled on Sunday after some users reported the update “bricked” their device and rendered them unusable. Multiple complaints on Apple’s support forums claimed the software update was slow to download and that when it was finally installed, triggered some users’ libraries to disappear. Users that ran Apple TV 5.3, the most recent build of the software, were reportedly unable to install 6.0 after Apple took the update down until last night.
The update also includes a bunch of Apple-branded features like iCloud Photos and Videos and iTunes Radio and AirPlay from iCloud – software that gives users the functionality to stream previously purchased content from iTunes to other Apple TVs.