Apple tvOS Apple TV Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple tvOS.
Recent Apple tvOS Security Advisories
Advisory | Title | Published |
---|---|---|
122720 | tvOS 18.5 - Apple Security Content | May 12, 2025 |
122401 | tvOS 18.4.1 - Apple Security Content | April 16, 2025 |
122072 | tvOS 18.3 - Apple Security Content | January 27, 2025 |
121844 | tvOS 18.2 - Apple Security Content | December 11, 2024 |
121569 | tvOS 18.1 - Apple Support Security Content | October 28, 2024 |
121248 | tvOS 18 - Apple Support Security Content | September 16, 2024 |
120914 | tvOS 17.6 - Apple Security Content | July 29, 2024 |
HT214122 | tvOS 17.6 Security Content | July 29, 2024 |
HT214102 | tvOS 17.5 Security Content | May 13, 2024 |
HT214086 | tvOS 17.4 Security Content | March 7, 2024 |
Apple tvOS EOL Dates
Ensure that you are using a supported version of Apple tvOS. Here are some end of life, and end of support dates for Apple tvOS.
Release | EOL Date | Status |
---|---|---|
18 | - |
Active
|
17 | September 16, 2024 |
EOL
Apple tvOS 17 became EOL in 2024. |
16 | September 18, 2023 |
EOL
Apple tvOS 16 became EOL in 2023. |
15 | September 12, 2022 |
EOL
Apple tvOS 15 became EOL in 2022. |
14 | September 20, 2021 |
EOL
Apple tvOS 14 became EOL in 2021. |
13 | September 16, 2020 |
EOL
Apple tvOS 13 became EOL in 2020. |
12 | September 24, 2019 |
EOL
Apple tvOS 12 became EOL in 2019. |
11 | September 17, 2018 |
EOL
Apple tvOS 11 became EOL in 2018. |
10 | September 19, 2017 |
EOL
Apple tvOS 10 became EOL in 2017. |
9 | September 13, 2016 |
EOL
Apple tvOS 9 became EOL in 2016. |
By the Year
In 2025 there have been 109 vulnerabilities in Apple tvOS with an average score of 6.8 out of ten. Last year, in 2024 tvOS had 149 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in tvOS in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.23.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 109 | 6.78 |
2024 | 149 | 6.55 |
2023 | 132 | 6.70 |
2022 | 145 | 7.38 |
2021 | 241 | 7.20 |
2020 | 184 | 7.37 |
2019 | 261 | 7.93 |
2018 | 67 | 7.81 |
It may take a day or so for new tvOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple tvOS Security Vulnerabilities
The issue was addressed with improved memory handling
CVE-2025-24184
- May 19, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
The issue was addressed with improved checks
CVE-2025-24189
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.
A permissions issue was addressed with additional restrictions
CVE-2025-31262
- May 19, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.
The issue was addressed with improved input sanitization
CVE-2025-31251
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
This issue was addressed through improved state management
CVE-2025-31212
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2025-31208
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
An out-of-bounds read was addressed with improved bounds checking
CVE-2025-31209
- May 12, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.
A use-after-free issue was addressed with improved memory management
CVE-2025-31239
- May 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved input sanitization
CVE-2025-31233
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
A logic issue was addressed with improved checks
CVE-2025-31226
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.
The issue was addressed with improved memory handling
CVE-2025-31219
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
A double free issue was addressed with improved memory management
CVE-2025-31241
- May 12, 2025
A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
A correctness issue was addressed with improved checks
CVE-2025-31222
- May 12, 2025
A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2025-31245
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
The issue was addressed with improved input sanitization
CVE-2025-31234
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
The issue was addressed with improved checks
CVE-2025-31223
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31238
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-24223
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-31204
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved input validation
CVE-2025-31217
- May 12, 2025
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31215
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
A type confusion issue was addressed with improved state handling
CVE-2025-31206
- May 12, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31205
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
This issue was addressed with improved memory handling
CVE-2025-31257
- May 12, 2025
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2025-24144
- May 12, 2025
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.
A memory corruption issue was addressed with improved state management
CVE-2025-24111
- May 12, 2025
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
An integer overflow was addressed with improved input validation
CVE-2025-31221
- May 12, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.
A use-after-free issue was addressed with improved memory management
CVE-2025-24252
- April 29, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
The issue was addressed with improved checks
CVE-2025-31197
- April 29, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.
An access issue was addressed with improved access restrictions
CVE-2025-24271
- April 29, 2025
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.
This issue was addressed by removing the vulnerable code
CVE-2025-24270
- April 29, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.
The issue was addressed with improved checks
CVE-2025-24251
- April 29, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.
An authentication issue was addressed with improved state management
CVE-2025-24206
- April 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
An integer overflow was addressed with improved input validation
CVE-2025-31203
- April 29, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
A null pointer dereference was addressed with improved input validation
CVE-2025-31202
- April 29, 2025
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
A type confusion issue was addressed with improved checks
CVE-2025-30445
- April 29, 2025
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.
A null pointer dereference was addressed with improved input validation
CVE-2025-24179
- April 29, 2025
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.
A memory corruption issue was addressed with improved bounds checking
CVE-2025-31200
- April 16, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Memory Corruption
This issue was addressed by removing the vulnerable code
CVE-2025-31201
- April 16, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
A use-after-free issue was addressed with improved memory management
CVE-2023-42970
- April 11, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
Processing web content may lead to arbitrary code execution
CVE-2023-42875
- April 11, 2025
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
The issue was addressed with improved memory handling
CVE-2025-24216
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
This issue was addressed with improved redaction of sensitive information
CVE-2025-24217
- March 31, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
This issue was addressed with improved access restrictions
CVE-2025-30438
- March 31, 2025
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4
CVE-2025-30447
- March 31, 2025
The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
A path handling issue was addressed with improved validation
CVE-2025-30454
- March 31, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.
A permissions issue was addressed with additional restrictions
CVE-2025-24097
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata.
This issue was addressed with additional entitlement checks
CVE-2025-24173
- March 31, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
This issue was addressed through improved state management
CVE-2025-24178
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
The issue was addressed with improved memory handling
CVE-2025-24243
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple iPadOS or by Apple? Click the Watch button to subscribe.
