What’s the consensus regarding the SSL security bug and aTV2 Flash (5.3)? Is it possible to patch the OS to fix the vulnerability (I see that it’s possible with jailbroken iPhone/iPads using Cydia, but not option for ATV). Or is this security issue not much of a concern given that the ATV is only used at home? Don’t think I should be too concerned, but curious to get feedback on this issue.
The descriptions of the bug suggests it involves Safari. If that is the case then it cannot affect the ATV2.
Thanks for the quick reply. I’ve read that it applies to all SSL/TLS traffic, though. See: http://www.macworld.com/article/2099987/what-you-need-to-know-about-apples-ssl-bug.html (See section ‘So does this just affect Safari?’)
This is incorrect:
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
I'm personally not too worried about this issue because I don't transmit data through my Apple TV that would be exploitable like Credit Card numbers, etc.
I would doubt FireCore would come out with an update, not really worth it.