Published on January 24th, 2018 | by Kirk Hiner

Apple details security content of tvOS 11.2.5 update

You likely saw yesterday that Apple has released tvOS 11.2.5 for Apple TV users. It may not sound like much of an update, focusing on the typical performance improvements and bug fixes, but it also addresses numerous security vulnerabilities.

A quick look at Apple’s support page reveals what vulnerabilities were addressed, and how they were addressed. Specifically:

Audio:

A memory corruption issue was addressed through improved input validation.

Core Bluetooth:

A memory corruption issue was addressed with improved memory handling.

Kernel:

A memory initialization issue was addressed through improved memory handling.
A race condition was addressed through improved locking.
A memory corruption issue was addressed through improved input validation.
A validation issue was addressed with improved input sanitization.

QuartzCore:

A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.

Security:

A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.

Webkit:

Multiple memory corruption issues were addressed with improved memory handling.

Apple’s support doc offers more information on each, so head over for full details. If you’d rather not, we understand. What’s important is that you grab the update by going to Settings > System > Software Updates on your Apple TV and running the download.

About the Author

Kirk Hiner has been writing for the Apple web since 1997, having served as editor of Applelinks and the Technology Tell Apple Channel. In addition to his work with BEST Apple TV, Kirk currently contributes to Mac Gamer HQ and Pure Nintendo. He lives with his wife and three children in small-town Ohio where the land is cheap and the air is (relatively) clean.