5 posts / 0 new / Last post
#1  February 25, 2014 - 2:39pm
chezfugu's picture
Offline
Joined: Jan 2012
Posts: 2
Kudos: 0

What's the consensus regarding the SSL security bug and aTV2 Flash (5.3)? Is it possible to patch the OS to fix the vulnerability (I see that it's possible with jailbroken iPhone/iPads using Cydia, but not option for ATV). Or is this security issue not much of a concern given that the ATV is only used at home? Don't think I should be too concerned, but curious to get feedback on this issue. 

  February 25, 2014 - 2:42pm
itimpi's picture
Moderator
Offline
Joined: Dec 2010
Posts: 2,073
Kudos: 117
  chezfugu wrote:

What's the consensus regarding the SSL security bug and aTV2 Flash (5.3)? Is it possible to patch the OS to fix the vulnerability (I see that it's possible with jailbroken iPhone/iPads using Cydia, but not option for ATV). Or is this security issue not much of a concern given that the ATV is only used at home? Don't think I should be too concerned, but curious to get feedback on this issue. 

The descriptions of the bug suggests it involves Safari.  If that is the case then it cannot affect the ATV2.

I AM A USER - NOT A FIRECORE EMPLOYEE

  February 25, 2014 - 2:57pm
chezfugu's picture
Offline
Joined: Jan 2012
Posts: 2
Kudos: 0
  itimpi wrote:

The descriptions of the bug suggests it involves Safari.  If that is the case then it cannot affect the ATV2.

 

Thanks for the quick reply. I've read that it applies to all SSL/TLS traffic, though. See: http://www.macworld.com/article/2099987/what-y... (See section 'So does this just affect Safari?')    

  February 26, 2014 - 2:48am
jamest.8685's picture
Offline
Joined: Jul 2011
Posts: 58
Kudos: 1
  itimpi wrote:

The descriptions of the bug suggests it involves Safari.  If that is the case then it cannot affect the ATV2.

 

This is incorrect: 

 

http://support.apple.com/kb/HT6148?viewlocale=en_US&locale=en_US

 


Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

 

  March 6, 2014 - 12:49pm
bartzjosh's picture
Offline
Joined: Nov 2013
Posts: 10
Kudos: 0

I'm personally not too worried about this issue because I don't transmit data through my Apple TV that would be exploitable like Credit Card numbers, etc.

I would doubt FireCore would come out with an update, not really worth it.