=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN231
_____________________________________________________________________

DATE                : 21/10/2014

HARDWARE PLATFORM(S): Apple TV.

OPERATING SYSTEM(S): Systems running Apple TV software versions prior
                                          to 7.0.1.

======================================================================
http://support.apple.com/kb/HT1222
______________________________________________________________________

APPLE-SA-2014-10-20-2 Apple TV 7.0.1

Apple TV 7.0.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious Bluetooth input device may bypass pairing
Description:  Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories. If a device
had paired with such an accessory, an attacker could spoof the
legitimate accessory to establish a connection. The issue was
addressed by denying unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team


Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================