Mac TiVo Desktop users: IMPORTANT upgrade announcement

Posted on Tuesday, March 2, 2004 by MegaZone

In case you haven’t seen this email from TiVo:

Recently, a security vulnerability affecting the TiVo Desktop application for Macs was brought to our attention. The reported vulnerability has been fixed in version 1.7, which is now available for download.If you use a Mac, please go to http://www.tivo.com/desktop to download the updated TiVo Desktop application for Mac as soon as possible.

TiVo Desktop for Mac v. 1.7 offers you the highest levels of performance and security available.

Thank you for your attention to this matter and keep enjoying Home Media Option(TM)!

- The TiVo Team

All Mac Users: TiVo Security Advisory
Date Released
March 1, 2004

Affected Software
TiVo Desktop v. 1.5 for Mac
TiVo Desktop v. 1.6 for Mac

Description
A local privilege escalation vulnerability was identified in the TiVo Desktop application that may allow arbitrary code execution.

Mitigating Factors
Local system access is required to exploit the identified vulnerability.

Recommended Action
All TiVo Desktop for Macs should upgrade to TiVo Desktop, v. 1.7. Please go to http://www.tivo.com/desktop to download and install the update as soon as possible.

About MegaZone

MegaZone is the Editor of Gizmo Lovers and the chief contributor. He's been online since 1989 and active in several generations of 'social media' - mailing lists, USENet groups, web forums, and since 2003, blogging.    MegaZone has a presence on several social platforms: Google+ / Facebook / Twitter / LinkedIn / LiveJournal / Web.    You can also follow Gizmo Lovers on other sites: Blog / Google+ / Facebook / Twitter.
This entry was posted in TiVo. Bookmark the permalink.
  • unteins

    Aggghhh…..but its so useless for Audio playback….

    Lesee….iTunes by default rips to AAC, iTunes music store sells in AAC…..but no AAC playback for Tivo….

    Bummer…I was going to download it, but maybe not then…

  • megazone

    Apple and TiVo are supposedly working on better integration – but I don’t think the chip in the TiVo does MPEG4 at all, so most likely that’d be transcoding the AAC to MP3 before streaming. That’s what J. River does on the PC for a number of formats. Of course, the problem with Protected AAC is only Apple can pry them open, and they haven’t done anything to support non-Apple devices.

  • unteins

    Actually the Protected AAC files have been pried open for several months, so it is possible to work with them if you have to. Of course I don’t think the RIAA is thrilled about this, but it is possible to access an unprotected file.

  • megazone

    I mean legitimately – I know about the hack. But no one can produce a real product to work with Protected AAC without Apple’s blessing. Even many open source folks aren’t going to touch the hack because of the legal trouble it invites – it is a DMCA violation in the US.

  • buran

    While QuickTime itself will not export a FairPlay-wrapped file to MP3, it’s possible to do it with other apps. I convert my files to standard MP3 and then dump the AAC ones. (I cannot tell if there is a difference in quality, as my hearing is not that good.) I use Fetch Art to grab the cover art from amazon.com since the conversion loses that. Once it’s a standard MP3 file just about anything will play it.

    There’s another streaming audio device that I’ve seen (though I forget its name) that also can’t do AAC. Plus, when I was running the HMO demo, I got frustrated by skips due to the streaming not being perfect.

    Thus, I have various audio cables and will just use the audio out jack on my Powerbook and the second pair of RCA inputs on my speakers to play music when online from the couch. Free, no skips, controlled right in iTunes. I just need a 1/8″ gender-changer (male to male) to finish the job. I’ll buy that at Radio Shack soon.

    Have 2 song credits at iTMS courtesy of Pepsi, another bottle in the fridge has (I’m pretty darn sure) a code under the cap. Haven’t decided what to spend them on. Tolerating the crappy soda for the free music (I hate Pepsi’s aftertaste).

  • unteins

    Possibly, but there was a recent ruling that declared that DeCSS for DVDs wasn’t a trademark or something like that. So there is hope the courts will get a clue.

    I am surprised Apple isn’t working with Tivo to let Tivo play AAC directly. People were playing MP3s in software on the Series 1 boxes and they weren’t nearly as fast. But I’d be happy with an on the fly conversion if it didn’t sound like garbage.

  • buran

    I think there may be fees involved in building an AAC decoder, but I honestly don’t know. Those fees may actually be the reason rather than the wrapping, though I’m not sure, and it could actually be both. MP3 is so prevalent that it’s used by almost everything, so it’s pretty safe to assume that that’s what people are using.

    I’d like to see Ogg Vorbis support start showing up in more places, but it’ll take awhile.

  • unteins

    I use my iPod hooked up to the stereo in the living room if the Cube speakers don’t blast loud enough for me.

    I have 11 credits in the iTMS. I like Diet Pepsi way better than Diet Battery Acid (Coke). I am 19 for 20 with free Music…I gave up being subtle about looking under the caps…what are the going to do, not sell me soda….

  • megazone

    The DeCSS case actually isn’t too significant. DeCSS is still illegal under the DMCA in the US – at least by current court decisions.

    The reversal in CA was over CA law – the case was brought under a state ‘trade secrets’ law. The person who posted DeCSS was ordered to take it down based on the claim that it exposed a DVD industry trade secret, which is protected under state law. The appeals court declared that since DeCSS was already on web servers around the globe by the time the defendant posted it, it was no longer a secret and therefore not protected under the state trade secrets law. It has no implication for copyright or the DMCA claims used in other cases to successfully block DeCSS.

  • megazone

    I’m not sure what the fee structure is for AAC – it is MPEG4 audio, and there are fees for using MPEG4, so I expect there are fees on AAC.

    MP3 isn’t free either – license fees are charged to use the technology incorporated in MP3. TiVo licenses it – the verbiage is in the system info screen.

  • megazone

    Hmm… Streaming seems to work OK for me over my 100baseT network – even from my old PII-400 craptop running WinME. Or using TiVo’s online servers – I have 1.5/768 DSL.

  • buran

    The ruling was that it’s no longer a trade secret. Which was rather obvious to The Real World ™ for a long time …

    Slashdot discussion and story links

    Also of interest…

    DRM might show up in the MP3 format

  • buran

    Technically it’s not, no (it’s patented, for now) — though I think the license fees are levied for making an encoder rather than decoders, and for that reason, decoders (iTunes, Winamp, xmms for instance) are available for free. Though that isn’t strictly true — there’s stuff like the LAME encoder which is distributed in various forms as a freeware application. For instance, Audacity (a multiplatform audio editor) doesn’t make MP3 files on its own for legal reasons, but will hook into an external encoding library, usually LAME.

  • buran

    It works okay on good days. On bad days, it drives me nuts.

    But I’ve got wireless, which can fall victim to signal-strength issues. For that reason, and because it’s so much cheaper, I’ll just temporarily run a cable across the room to the couch when I want to listen to music.

  • buran

    Diet anything tastes like battery acid to me.

  • hilker

    In fact, there are license fees for decoders.