This document describes the security content of tvOS 26.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released September 15, 2025
Available for: Apple TV 4K (2nd generation and later)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43344: an anonymous researcher
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43317: Mickey Jin (@patch1t)
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43354: Csaba Fitzl (@theevilbit) of Kandji
CVE-2025-43303: Csaba Fitzl (@theevilbit) of Kandji
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input validation.
CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43302: Keisuke Hosoda
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A UDP server socket bound to a local interface may become bound to all interfaces
Description: A logic issue was addressed with improved state management.
CVE-2025-43359: Viktor Oreshkin
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43355: Dawuge of Shuffle Team
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43329: an anonymous researcher
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An input validation issue was addressed
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43347: JZ, Seo Hyun-gyu (@wh1te4ever), Luke Roberts (@rookuu)
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A website may be able to access sensor information without user consent
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 296153
CVE-2025-43356: Jaydev Ahire
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 296490
CVE-2025-43343: an anonymous researcher
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A correctness issue was addressed with improved checks.
WebKit Bugzilla: 296042
CVE-2025-43342: an anonymous researcher
We would like to acknowledge 要乐奈 for their assistance.
We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.
We would like to acknowledge Christian Kohlschütter for their assistance.
We would like to acknowledge Yinyi Wu (@_3ndy1) from Dawn Security Lab of JD.com, Inc for their assistance.
We would like to acknowledge Noah Gregory (wts.dev) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
We would like to acknowledge Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Barrett Lyon for their assistance.
We would like to acknowledge Dora Orak for their assistance.
We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.
We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog), 要乐奈 for their assistance.
We would like to acknowledge Bob Lord, Matthew Liang, Mike Cardwell of grepular.com for their assistance.
We would like to acknowledge Aobo Wang (@M4x_1997), Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.