About the security content of tvOS 14.5

This document describes the security content of tvOS 14.5.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

tvOS 14.5

Released 26 April 2021

AppleMobileFileIntegrity

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to bypass Privacy preferences

Description: An issue in code signature validation was addressed with improved checks.

CVE-2021-1849: Siguza

Assets

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to create or modify privileged files

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1836: an anonymous researcher

Audio

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to read restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A memory initialisation issue was addressed with improved memory handling.

CVE-2021-1857: an anonymous researcher

CoreAudio

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to read restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreText

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: A logic issue was addressed with improved state management.

CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

FontParser

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro and Hou JingYi (@hjy79425575) of Qihoo 360

Foundation

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

Foundation

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to gain root privileges

Description: A validation issue was addressed with improved logic.

CVE-2021-1813: Cees Elzinga

Heimdal

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted server messages may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)

Heimdal

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause a denial of service

Description: A race condition was addressed with improved locking.

CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1885: CFF of Topsec Alpha Team

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30653: Ye Zhang of Baidu Security

CVE-2021-1843: Ye Zhang of Baidu Security

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-1858: Mickey Jin of Trend Micro

iTunes Store

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker with JavaScript execution may be able to execute arbitrary code

Description: A use after free issue was addressed with improved memory management.

CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to disclose kernel memory

Description: A memory initialisation issue was addressed with improved memory handling.

CVE-2021-1860: @0xalsr

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-1816: Tielei Wang of Pangu Lab

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-1851: @0xalsr

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: Copied files may not have the expected file permissions

Description: The issue was addressed with improved permissions logic.

CVE-2021-1832: an anonymous researcher

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to disclose kernel memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30660: Alex Plaskett

libxpc

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to gain root privileges

Description: A race condition was addressed with additional validation.

CVE-2021-30652: James Hutchins

libxslt

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted file may lead to heap corruption

Description: A double free issue was addressed with improved memory management.

CVE-2021-1875: Found by OSS-Fuzz

MobileInstallation

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1822: Bruno Virlet of The Grizzly Labs

Preferences

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to modify protected parts of the file system

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Tailspin

Available for: Apple TV 4K and Apple TV HD

Impact: A local attacker may be able to elevate their privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-1868: Tim Michaud of Zoom Communications

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to a cross-site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-1817: zhunki

Entry updated 6 May 2021

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross-site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1826: an anonymous researcher

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: A memory initialisation issue was addressed with improved memory handling.

CVE-2021-1820: André Bargull

Entry updated 6 May 2021

WebKit Storage

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30661: yangkang (@dnpushme) of 360 ATA

Additional recognition

Assets

We would like to acknowledge Cees Elzinga for their assistance.

Entry added 6 May 2021

CoreAudio

We would like to acknowledge an anonymous researcher for their assistance.

Entry added 6 May 2021

CoreCrypto

We would like to acknowledge Andy Russon of Orange Group for their assistance.

Entry added 6 May 2021

Foundation

We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.

Entry added 6 May 2021

Kernel

We would like to acknowledge Antonio Frighetto of Politecnico di Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan, Mikko Kenttälä (@Turmio_) of SensorFu, Proteas and Tielei Wang of Pangu Lab for their assistance.

Entry added 6 May 2021

Security

We would like to acknowledge Xingwei Lin of Ant Security Light-Year Lab and john (@nyan_satan) for their assistance.

Entry added 6 May 2021

sysdiagnose

We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan for their assistance.

Entry added 6 May 2021

WebKit

We would like to acknowledge Emilio Cobos Álvarez of Mozilla for their assistance.

Entry added 6 May 2021

WebSheet

We would like to acknowledge Patrick Clover (independent researcher) for their assistance.

Entry added 6 May 2021

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: