Skip to content ↓ | Skip to navigation ↓

Apple has issued a tvOS security update in which it fixes multiple vulnerabilities for Apple TV (fourth generation).

On Monday, the United States Computer Emergency Readiness Team (US-CERT) published a bulletin about the update:

“Apple has released a security update for tvOS to address multiple vulnerabilities,” the bulletin begins. “Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.”

The bulletin refers Apple users to tvOS security update 9.1.1, which patches eight different vulnerabilities for Apple TV.

Specifically, the update fixes seven memory corruption issues that were found in the Disk Images, IOHIDFamily, IOKit, Kernel, syslog, and WebKit through improved memory handling.

Apple’s security teams are responsible for having found the WebKit bugs, CVE-2016-1724 and CVE-2016-1727, whereas researchers from the Yahoo! Pentest Team, Google Project Zero, Trend Micro, and Zimperium zLabs discovered the rest.

The update also addresses a type confusion issue that existed in libxslt. A researcher by the name of puzzor discovered this bug, which was also fixed by improved memory handling.

appletv fourth generation tvos

These patches were released following extensive analysis on Apple’s part.

“For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” the tech giant’s security teams are careful to point out. “To learn more about Apple Product Security, see the Apple Product Security website.”

In addition to resolving some performance issues, the update comes with the new Podcasts app that first made its appearance in tvOS 9.2 beta, reports 9to5Mac. It is anticipated that when 9.2 is released to all users later this year, it will include channel folders and Bluetooth keyboard support, among other features.

This update comes on the heels of some analysts’ comments that Apple has decided to keep private a certain application programming interface (API) that would make it easier for ad blockers to hide content in web browsers from Mozilla and others in its iOS 9 operating system.