Apple details security content of tvOS 11.2.5 update
You likely saw yesterday that Apple has released tvOS 11.2.5 for Apple TV users. It may not sound like much of an update, focusing on the typical performance improvements and bug fixes, but it also addresses numerous security vulnerabilities.
A quick look at Apple’s support page reveals what vulnerabilities were addressed, and how they were addressed. Specifically:
Audio:
- A memory corruption issue was addressed through improved input validation.
Core Bluetooth:
- A memory corruption issue was addressed with improved memory handling.
Kernel:
- A memory initialization issue was addressed through improved memory handling.
- A race condition was addressed through improved locking.
- A memory corruption issue was addressed through improved input validation.
- A validation issue was addressed with improved input sanitization.
QuartzCore:
- A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
Security:
- A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
Webkit:
- Multiple memory corruption issues were addressed with improved memory handling.
Apple’s support doc offers more information on each, so head over for full details. If you’d rather not, we understand. What’s important is that you grab the update by going to Settings > System > Software Updates on your Apple TV and running the download.