ManualsPro Apple About the security content of tvOS 14.0

About the security content of tvOS 14.0

June 7, 2024
Apple

About the security content of tvOS 14.0

This document describes the security content of tvOS 14.0.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE- ID when possible.

For more information about security, see the Apple Product Security page.

tvOS 14.0

Released September 16, 2020

Assets

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker may be able to misuse a trust relationship to download malicious content

Description: A trust issue was addressed by removing a legacy API.

CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup

Entry updated November 12, 2020

Audio

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab

Entry added November 12, 2020

Audio

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab

Entry added November 12, 2020

CoreAudio

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

Entry added March 16, 2021

CoreAudio

Available for: Apple TV 4K and Apple TV HD

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab

Entry added November 12, 2020

CoreCapture

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9949: Proteas

Entry added November 12, 2020

CoreText

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9999: Apple

Entry added December 15, 2020

Disk Images

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9965: Proteas

CVE-2020-9966: Proteas

Entry added November 12, 2020

FontParser

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative

Entry added March 16, 2021

FontParser

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added March 16, 2021

FontParser

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.

CVE-2020-27931: Apple

Entry added March 16, 2021

FontParser

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-29639: Mickey Jin & Qi Sun of Trend Micro working with Trend Micro’s Zero Day Initiative

Entry added July 21, 2021

HomeKit

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker in a privileged network position may be able to unexpectedly alter application state

Description: This issue was addressed with improved setting propagation.

CVE-2020-9978: Luyi Xing,  Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington,  Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology

Entry added March 16, 2021

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab

Entry added November 12, 2020

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light- Year Lab

Entry added December 15, 2020

ImageIO

Available for: Apple TV 4K and Apple TV HD

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9876: Mickey Jin of Trend Micro

Entry added November 12, 2020

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2020-9967: Alex Plaskett (@alexjplaskett)

Entry added March 16, 2021

Kernel

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9975: Tielei Wang of Pangu Lab

Entry added March 16, 2021

Keyboard

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9981: found by OSS-Fuzz

Entry added November 12, 2020

libxpc

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved validation.

CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Entry added December 15, 2020

Sandbox

Available for: Apple TV 4K and Apple TV HD

Impact: A local user may be able to view senstive user information

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)

Entry added November 12, 2020

Sandbox

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester (@xpn) of TrustedSec

Entry updated September 17, 2020

SQLite

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-13434

CVE-2020-13435

CVE-2020-9991

Entry added November 12, 2020

SQLite

Available for: Apple TV 4K and Apple TV HD

Impact: Multiple issues in SQLite

Description: Multiple issues were addressed by updating SQLite to version 3.32.3.

CVE-2020-15358

Entry added November 12, 2020

SQLite

Available for: Apple TV 4K and Apple TV HD

Impact: A maliciously crafted SQL query may lead to data corruption

Description: This issue was addressed with improved checks.

CVE-2020-13631

Entry added November 12, 2020

SQLite

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to leak memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9849

Entry added November 12, 2020

SQLite

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-13630

Entry added November 12, 2020

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9947: cc working with Trend Micro Zero Day Initiative

CVE-2020-9950: cc working with Trend Micro Zero Day Initiative

CVE-2020-9951: Marcin ‘Icewall’ Noga of Cisco Talos

Entry added November 12, 2020

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9983: zhunki

Entry added November 12, 2020

WebKit

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Wi-Fi

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved state management.

CVE-2020-10013: Yu Wang of Didi Research America

Entry added November 12, 2020

Additional recognition

802.1X

We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.

Entry added December 15, 2020

Audio

We would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab for their assistance.

Entry added March 16, 2021

Audio

We would like to acknowledge JunDong Xie and XingWei Lin of Ant-Financial Light-Year Security Lab for their assistance.

Entry added November 12, 2020

Bluetooth

We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

Clang

We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Entry added November 12, 2020

Core Location

We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Crash Reporter

We would like to acknowledge Artur Byszko of AFINE for their assistance.

Entry added December 15, 2020

iAP

We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance.

Entry updated November 12, 2020

libxml2

We would like to acknowledge an anonymous researcher for their assistance.

Entry added March 16, 2021

Location Framework

We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner- 651bb4128) for their assistance.

Entry updated October 19, 2020

Safari

We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.

Entry added November 12, 2020

WebKit

We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.

Entry added November 12, 2020

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: July 21, 2021

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Apple User Manuals

Apple 2nd Generation Pencil User Manual
Apple
Apple AirTag Device Tracker User Guide
Apple
Apple iPhone 11 Pro Simple Mobile Limited Warranty
Apple
Apple mobilebeacon iPad Mini Owner’s Manual
Apple
Apple mobilebeacon iPad Air Instructions
Apple
Apple Tv 4th Generation User Guide
Apple
Apple Watch SE GPS 40mm User Manual
Apple
Apple Watch Series 6 GPS 40mm User Manual
Apple
Apple Pencil A14 User Manual
Apple
Apple 20W USB-C Power Adapter User Manual
Apple
Apple AirTag Ultimate Tracking Device User Manual
Apple
APPLE 10thGen_FF iPad User Guide
Apple
Apple MP5 7 Inch Smart Screen Player User Manual
Apple
Apple Carplay Screen for Car User Manual
Apple
APPLE 2BEM5SINE Find My App User Guide
Apple
Apple iOS 17 New Features Available User Manual
Apple
Apple M2 iPad Air 13 inch 128GB Cellular Instructions
Apple
Apple A1975 Smart Watch User Guide
Apple
Apple A2473 Series Watch Midnight Aluminum User Manual
Apple
Apple A2436 iPad Pro 12.9 Tab User Manual
Apple

Related Manuals

FISHER PAYKEL AHCLRD36W Classic Handle Kit for Integrated Column Refrigerator or Freezer 36 Inch User Guide
Fisher & Paykel
BaByliss 2400W Super Power Hair Dryer Instructions
BaByliss
SCANDTAP 10230 Steel Voyage Mixer Minimalist Instruction Manual
SCANDTAP
SEALEY TS01.V2 700MM VICE/BENCH MOUNTING SHEET METAL FOLDER Instruction Manual
SEALEY
Carrier CRSOUBLN Serie Rooftop Units Installation Guide
Carrier
Verdant VX-TW-KT-W-GMA Wireless Energy Management Thermostat Product Specifications Guide
Verdant
M-gears MG-S03 Mstick3 Android Dongle User Manual
M-gears
HandStands BESTBUDS 06 Wireless Earbuds Instructions
HandStands
Kmart 43204335 Wooden Climbing Set Instructions
Kmart
PHILIPS HR7510 Food Processor User Manual
Philips
GUNNER GK_CWK-DoorCover Cold Weather Door Instruction Manual
GUNNER
anko 40cm Pedestal Fan User Manual
Anko
DAIKIN R32 Split System Air Conditioners Installation Guide
Daikin
ONLAKE A10 Radio Alarm Clock USER GUIDE
ONLAKE
AMPROBE Leakage Current Clamp User Manual
AMPROBE
Mandis RC2040 Remote Control Instructions
Mandis
raya CS-CSX3 4 Pack 3 Inches Caster Wheels Locking Casters User Manual
raya
NEARSCAPES IG44.1DSP Outdoor Speaker System Instructions
NEARSCAPES
TSI 7525 IAQ-Calc Indoor Air Quality Meter Owner’s Manual
tsi
LG CK43 Mini Hi-Fi System User Manual
LG
Asani A7 Portable Smoothie Blender Instruction Manual
Asani
ergomotion RF392D Remote Control User Manual
ergomotion
peachcomm 6861 Cisco IP Phone User Guide
peachcomm
ADDERView CCS-MV4228 8-Port Multi-Viewer Switch User Guide
ADDER
manhattan 180962 Universal AC Laptop Charger Instructions
Manhattan
DREAME H11 Core Wet and Dry Vacuum User Manual
dreame
dahua DH-XVR5108HS Digital Video Recorder User Guide
Dahua
PHILIPS SPL6507 5000 Series 2K Full HD Webcam User Manual
Philips
GAME OF BRICKS 40433 Light Kit for 1989 Batmobile Instruction Manual
Game Of Bricks
boAt 181PRO Bluetooth Earbuds Owner’s Manual
Boat
Contact Us   Privacy Policy   6.183ms