The Anti-virus Times

Apple released a security update for its Apple TV microconsole to close 33 vulnerabilities. A hacker can exploit 10 of the loopholes and execute code on a target machine remotely. Six of them allow code to be executed with elevated privileges. A hacker can also take advantage of a memory corruption error (CVE-2015-5776) and cause an application to crash or execute arbitrary code. The outdated libxml2 library’s three vulnerabilities (CVE-2012-6685, CVE-2014-0191 and CVE-2014-3660), which were discovered by security researcher Felix Groebert, can be exploited to facilitate DDoS attacks. Other flaws can be used to execute code with elevated privileges using malicious DMG files and applications.

https://exploit.in/2016/10514

And, how many vulnerabilities exist that manufacturers don’t yet know about?

Now you can spend more time watching programmes you like instead of searching through countless channels for interesting movies and shows. The Voice Interaction feature enables TVs to process natural speech so that you can just ask a question and the device will suggest shows and movies that align with your preferences.

http://www.samsung.com/ru/consumer/tv-av/tv/full-hd/UE32F6540ABXRU

• Samsung confirmed that their Smart TV devices catch every word a user says so customers are advised not to engage in private conversations in the vicinity of the device.

  According to Samsung, the voice interaction feature of its Smart TV devices captures all nearby conversations. Devices can send data that may include sensitive information to Samsung as well as to third-party services, theweek.com noted.

  https://geektimes.ru/post/271120

• In November 2013, it was discovered that LG's smart TVs send the company's servers undesirable data, including information about what channels users watch and the names of the files that are stored on external hard drives that connect to the devices via USB. After discovering this fact, British blogger “DoctorBeet” wrote that the data keeps being sent even if the user disables this option.
• At the Black Hat Conference in August 2013, Aaron Grattafiori and Josh Yavor showed how vulnerabilities they discovered in 2012 Samsung TV sets enabled hackers to gain remote access to the devices' cameras and any Facebook and Skype applications in use

The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live — did live, from habit that became instinct — in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.

George Orwell, 1984

Yahoo! filed a patent application for a smart billboard that will be equipped with biometric sensors and microphones. It will be able to collect information about everyone who drives or walks by. Moreover, a billboard of this kind may also feature a retinal scanner and a speech recognition module to determine what a person is looking at and talking about.

http://www.securitylab.ru/news/484070.php