About the security content of tvOS 17.2 – Apple Support

About the security content of tvOS 17.2 - Apple Support

December 11, 2023 at 01:45PM

Summary:

Apple has addressed multiple security issues in its products. These include improved redaction of sensitive information, memory handling, and input validation. The vulnerabilities could lead to disclosing sensitive information, arbitrary code execution, denial-of-service, and breaking out of sandbox. Updates are available for Apple TV HD and Apple TV 4K.

Based on the meeting notes, the following takeaways can be generated:

– AVEVideoEncoder is affected by CVE-2023-42884, which may allow an app to disclose kernel memory. An update is available for Apple TV HD and Apple TV 4K (all models).

– ImageIO is affected by CVE-2023-42898 and CVE-2023-42899, which may lead to arbitrary code execution when processing an image. An update is available for Apple TV HD and Apple TV 4K (all models).

– Kernel is affected by CVE-2023-42914, which may allow an app to break out of its sandbox due to improved memory handling. An update is available for Apple TV HD and Apple TV 4K (all models).

– WebKit is affected by CVE-2023-42890, which may lead to arbitrary code execution when processing web content. An update is available for Apple TV HD and Apple TV 4K (all models).

– WebKit is also affected by CVE-2023-42883, which may lead to a denial-of-service when processing images. An update is available for Apple TV HD and Apple TV 4K (all models).

– WebKit is affected by CVE-2023-42916 and CVE-2023-42917, which may disclose sensitive information and lead to arbitrary code execution when processing web content. Apple is aware of reports of exploitation against versions of iOS before iOS 16.7.1. An update is available for Apple TV HD and Apple TV 4K (all models).

These takeaways highlight the vulnerabilities and impacted products, along with the availability of updates for Apple TV HD and Apple TV 4K.

Full Article