Apple has released an Apple TV 1.1 update that brings YouTube functionality to the device and provides the following security enhancements;
A remote attacker may be able to cause a denial of service or arbitrary code execution A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Apple TV implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. Credit to Michael Lynn of Juniper Networks for reporting this issue.
This update is only available directly to the Apple TV, and will not appear in the Mac OS X Software Update application, or in the Apple Downloads site.
You can manually update your Apple TV using the TV interface by selecting Settings > Update Software.