-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple TV 5.2.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments. CVE-ID CVE-2013-0977 : evad3rs Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to determine the address of structures in the kernel Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context. CVE-ID CVE-2013-0978 : evad3rs Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to execute arbitrary code in the kernel Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers. CVE-ID CVE-2013-0981 : evad3rs Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRR374AAoJEPefwLHPlZEwZCsQAKauofHzY4DpkQCj8UsuUy3J cTHaj/XE1B8z9ef7d/h/p5EqVTi8HFfcyvWsqLBFfWjFsMzjT6Q/VLu2b1bN4bvw PNdNReLLnnxrgAbA59MT6G6cFV0P+0Dth8d8xjEytY74NOrtHFU5ZZtzabtuaHC4 pvXybqdP1sP/Ra4/z+NdP+1b77Jm18mWvfV9zUb2z8A8J1zgLTk5p/+G8rcXnf38 UvGuz+Bc0ntX/cawX6Ajyyu+FCVvgsUJivV0ijUnwOAje8Iul6rEeBYVT9BGwwD8 9sM6sFxlyUN7GHQN4qnP37sQNm51OcRllqLSbNDcajfI4GrBqMDfR4w446R39A/y poOF2xiaJzQltTXPD+9sfxM2SNA5z6dYK8NQEdiCf3iStA2PlO/S6QjukHGGslwQ a3wsAm1a+ubWmwgNuTpS3+xcAq9IK0P/BkTqI0etH/fMZ9vPzI8lsY0fmsGBCIrK FAaR7QHFTRCYISLA0Hp7wfBOMRkVAkVbfXum3NNPol1CLfj8GRVVxSwjQY5l2S13 XmFA3ZDtJ3yh56g9gu6bks6EEWjU33xAksQNuIhgxenRraNJClIrVJOWc2EXLCcs HxrCkd8wxOGHz9irbXMnETKCYcmgID5x7DK9BbAcqleWqG0R24iTTAgMesV+Le1w GFIZVf/ohGVSaVp0gEnb =15vy -----END PGP SIGNATURE-----