Released March 24, 2020
ActionKit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use the SSH client provided by the private framework
Description: This issue was addressed with a new authorization.
AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use arbitrary authorization
Description: This issue was addressed through improvement checks.
icon
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to identify other applications that the user has installed
Description: This issue was addressed through improved icon cache handling.
Image Processing
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with system permissions
Description: A "post-release" issue has been addressed through improved memory management.
IOHIDFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel permissions
Description: A memory initialization issue was addressed through improved memory handling.
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read limited memory
Description: A memory initialization issue was addressed through improved memory handling.
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel permissions
Description: Multiple memory corruption issues have been addressed through improved state management.
libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in libxml2
Description: A buffer overflow issue was addressed through improved boundary checking.
libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in libxml2
Description: A buffer overflow issue was addressed with improved size verification.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read limited memory
Description: Race conditions have been resolved with additional verification.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to cross-site scripting attacks
Description: An input validation issue was addressed through improved input validation.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Type confusion has been addressed through improved memory handling.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: The download source may be incorrectly associated
Description: A logical issue was addressed through improved access restrictions.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code execution
Description: A "post-release" issue has been addressed through improved memory management.
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: Type confusion has been addressed through improved memory handling.
WebKit page load
Available for: Apple TV 4K and Apple TV HD
Impact: A file URL may be processed incorrectly
Description: A logical issue was addressed through improved access restrictions.