updated 11:45 am EDT, Wed June 20, 2007
Apple TV 1.1
An Apple TV 1.1 software update has been released. The update presumably brings YouTube functionality to the device (as previously reported), as well as resolving a potential denial of service vulnerability and arbitrary code execution vulnerability in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Apple TV implementation. Apple says that by sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. The new release is only available directly to the Apple TV. It is not downloadable through Mac OS X or Windows, nor from the Apple site. You can manually update your Apple TV using the TV interface by selecting Settings > Update Software, or allow it to automatically update (checks are done once a week).