About the security content of tvOS 18.2 – Apple Support

by

About the security content of tvOS 18.2 - Apple Support

December 11, 2024 at 01:33PM

On December 11, 2024, Apple will release updates for tvOS 18.2, addressing multiple security vulnerabilities. Issues include improved checks and memory handling to prevent unauthorized access to sensitive data and potential memory corruption. The updates apply to Apple TV HD and Apple TV 4K models.

### Meeting Notes Summary

**Apple ID:** 121844
**Release Date:** December 11, 2024
**Affected Product:** tvOS 18.2
**Update Available For:** Apple TV HD and Apple TV 4K (all models)

#### Security Vulnerabilities Addressed:

1. **CVE-2024-54526**
– **Description:** Improved checks implemented.
– **Impact:** Malicious app may access private information.

2. **CVE-2024-54527**
– **Description:** Improved checks implemented.
– **Impact:** App may access sensitive user data.

3. **CVE-2024-54513**
– **Description:** Additional restrictions on permissions applied.
– **Impact:** App may access sensitive user data.

4. **CVE-2024-54486**
– **Description:** Improved checks implemented.
– **Impact:** Maliciously crafted font processing may disclose process memory.

5. **CVE-2024-54500 & CVE-2024-54494**
– **Description:** Additional validation for race conditions applied.
– **Impact:** Attacker may create writable read-only memory mapping.

6. **CVE-2024-54510**
– **Description:** Improved locking implemented for race condition.
– **Impact:** App may leak sensitive kernel state.

7. **CVE-2024-45490 & CVE-2024-54514**
– **Description:** Improved checks implemented.
– **Impact:** App may break out of its sandbox.

8. **CVE-2024-44225**
– **Description:** Improved checks for a logic issue.
– **Impact:** App may gain elevated privileges.

9. **CVE-2024-54501, CVE-2024-54479, CVE-2024-54502, CVE-2024-54508, CVE-2024-54505**
– **Description:** Improved memory handling for type confusion issues.
– **Impact:** Malicious web content may cause memory corruption.

10. **CVE-2024-54534**
– **Description:** Improved memory handling applied.
– **Impact:** Malicious web content may lead to memory corruption.

This release addresses several security vulnerabilities in tvOS 18.2, enhancing the protection of personal and sensitive user data on Apple TV devices.

Full Article