October 13, 2024 at 02:30PM
A security update for tvOS 18, available for Apple TV HD and 4K models, addresses multiple CVEs, including input validation and integrity issues, which could lead to app termination, denial-of-service, unauthorized Bluetooth access, cross site scripting, and data exfiltration. Release date is September 16, 2024.
### Meeting Takeaways
**Release Information:**
– **Apple Id:** 121248
– **Release Date:** September 16, 2024
– **Affected Product:** tvOS 18
– **Update Availability:** Apple TV HD and Apple TV 4K (all models)
**Security Vulnerabilities Addressed:**
1. **CVE-2024-40850 & CVE-2024-27880**
– **Description:** Out-of-bounds read issue fixed with improved input validation.
– **Impact:** Processing a maliciously crafted file could lead to unexpected app termination.
2. **CVE-2024-44176**
– **Description:** Out-of-bounds access issue fixed with improved bounds checking.
– **Impact:** Processing an image may lead to denial-of-service.
3. **CVE-2024-44169 & CVE-2024-40856**
– **Description:** Integrity issue addressed with Beacon Protection.
– **Impact:** Attacker may force device disconnection from a secure network.
4. **CVE-2024-44191**
– **Description:** Issue resolved through improved state management.
– **Impact:** App may gain unauthorized access to Bluetooth.
5. **CVE-2024-44198**
– **Description:** Integer overflow addressed with improved input validation.
– **Impact:** Processing malicious web content may cause an unexpected process crash.
6. **CVE-2024-44183**
– **Description:** Logic error resolved with improved error handling.
– **Impact:** An app may cause a denial-of-service.
7. **CVE-2023-5841 & CVE-2024-40857**
– **Description:** State management issues fixed.
– **Impact:** Processing malicious web content may lead to universal cross-site scripting.
8. **CVE-2024-44187**
– **Description:** Cross-origin issue with “iframe” elements addressed by improving security origin tracking.
– **Impact:** A malicious website may exfiltrate data cross-origin.
### Summary
The meeting focused on security updates related to tvOS 18, detailing various vulnerabilities, their impacts, and the corrective measures implemented in the upcoming release. Users are advised to update their devices to safeguard against these vulnerabilities.