-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-03-2025-5 tvOS 26.1

tvOS 26.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125637.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple TV 4K (2nd generation and later)
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43462: an anonymous researcher

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)

Assets
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved entitlements.
CVE-2025-43407: JZ

CloudKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)

CoreServices
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43436: Zhongcheng Li from IES Red Team of ByteDance

CoreText
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

FontParser
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43400: Apple

Installer
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance

Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)

libxpc
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A sandboxed app may be able to observe system-wide network connections
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org

MallocStackLogging
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2025-43294: Gergely Kalman (@gergely_kalman)

Model I/O
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43386: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43385: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43384: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43383: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276208
CVE-2025-43480: Aleksejs Popovs

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 296693
CVE-2025-43458: Phil Beauvoir
WebKit Bugzilla: 298196
CVE-2025-43430: Google Big Sleep
WebKit Bugzilla: 298628
CVE-2025-43427: Gary Kwong, rheza (@ginggilBesel)

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 299843
CVE-2025-43443: an anonymous researcher

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298496
CVE-2025-43441: rheza (@ginggilBesel)
WebKit Bugzilla: 299391
CVE-2025-43435: Justin Cohen of Google
WebKit Bugzilla: 298851
CVE-2025-43425: an anonymous researcher

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 298126
CVE-2025-43440: Nan Wang (@eternalsakura13)

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298093
CVE-2025-43433: Google Big Sleep
WebKit Bugzilla: 298194
CVE-2025-43431: Google Big Sleep

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 299313
CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A buffer overflow was addressed with improved bounds checking.
WebKit Bugzilla: 298232
CVE-2025-43429: Google Big Sleep

WebKit Canvas
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A website may exfiltrate image data cross-origin
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 297566
CVE-2025-43392: Tom Van Goethem

Additional recognition

MobileInstallation
We would like to acknowledge Bubble Zhang for their assistance.

WebKit
We would like to acknowledge Enis Maholli (enismaholli.com), Google Big Sleep for their assistance.

Apple TV will periodically check for software updates.
Alternatively, you may manually check for software updates by
selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
