Apple’s track record on breaches and vulnerabilities has been sliding downhill recently: the company has been struggling with operating system, software, and device security vulnerabilities. Even iOS software is a little bit shaky at the moment and, as a result, Apple is constantly releasing new updates. According to stack.watch, there have been 166 software vulnerabilities in 2021 affecting Apple tvOS alone, and the forecast is that the number of vulnerabilities this year is going to surpass last year’s numbers.

About Apple TV & Apple tvOS

The Apple tvOS Vulnerability

The key finding, credited to an anonymous researcher in the Apple release report, is vulnerability CVE-2021-30883. It is an integer overflow flaw in IOMobileFrameBuffer (affecting Apple TV 4K and Apple TV HD) that leads to memory corruption. The report states, “Apple is aware of a report that this issue may have been actively exploited.”

Technical Details

The vulnerability allows a malicious application to escalate privileges on the system, meaning that a remote attacker could completely compromise an unpatched system. The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger an integer overflow and execute arbitrary code with kernel privileges.
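The bug class named above, as an added illustration (not Apple's code and not taken from the advisory): a size check whose 32-bit multiplication wraps, next to two hardened forms. The function names, `BUF_SIZE` and the sample values are constructed; this page gives no detail of the actual IOMobileFrameBuffer flaw beyond its being an integer overflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 4096u /* constructed: capacity of a fixed destination buffer */

/* Flawed check: the product is computed in 32 bits and wraps modulo 2^32,
 * so a very large count can yield a small total that passes the test. */
bool check_wrapping(uint32_t count, uint32_t elem_size)
{
    uint32_t total = count * elem_size;
    return total <= BUF_SIZE;
}

/* Hardened check (GCC/Clang builtin): reject if the multiplication overflows. */
bool check_safe(uint32_t count, uint32_t elem_size)
{
    uint32_t total;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return false;
    return total <= BUF_SIZE;
}

/* Portable hardened check: compare by division so nothing can wrap. */
bool check_safe_div(uint32_t count, uint32_t elem_size)
{
    if (elem_size == 0)
        return true; /* zero bytes requested */
    return count <= BUF_SIZE / elem_size;
}

/* The size the caller really asked for, computed without truncation. */
uint64_t true_size(uint32_t count, uint32_t elem_size)
{
    return (uint64_t)count * elem_size;
}

int main(void)
{
    uint32_t count = 0x40000001u, elem_size = 4; /* constructed input */
    printf("true size: %llu bytes\n",
           (unsigned long long)true_size(count, elem_size));
    printf("wrapping check accepts: %d\n", check_wrapping(count, elem_size));
    printf("builtin check accepts:  %d\n", check_safe(count, elem_size));
    printf("division check accepts: %d\n", check_safe_div(count, elem_size));
    return 0;
}
```

With the constructed input, the flawed check sees a total of 4 bytes and accepts a request that is really over 4 GiB, which is how a wrapped size turns into memory corruption once the copy or allocation uses the real count.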

Vulnerable Software Versions

The following software versions of Apple tvOS are at risk: tvOS 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.1, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14.5 18L204, 14.6 18L569, 14.7 18M60, 15.0 19J346

Important User Info

Apple has released a patch that resolves the above security risks. Apple TV users should immediately verify that their tvOS software is updated to the latest version by keeping automatic updates enabled at all times.
