Home / mailings APPLE-SA-12-12-2025-6 tvOS 26.2
Posted on 13 December 2025
Apple Security-announceAPPLE-SA-12-12-2025-6 tvOS 26.2
tvOS 26.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125889.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AppleJPEG
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a file may lead to memory corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43539: Michael Reeves (@IntegralPilot)
curl
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Multiple issues in curl
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-7264
CVE-2025-9086
Foundation
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing malicious data may lead to unexpected app termination
Description: A memory corruption issue was addressed with improved
bounds checking.
CVE-2025-43532: Andrew Calvano and Lucas Pinheiro of Meta Product
Security
Icons
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to identify what other apps a user has
installed
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-46279: Duy Tr=E1=BA=A7n (@khanhduytran0)
Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to gain root privileges
Description: An integer overflow was addressed by adopting 64-bit
timestamps.
CVE-2025-46285: Kaitao Xie and Xiaolong Bai of Alibaba Group
Multi-Touch
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious HID device may cause an unexpected process crash
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2025-43533: Google Threat Analysis Group
WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A race condition was addressed with improved state
handling.
WebKit Bugzilla: 301940
CVE-2025-43531: Phil Pizlo of Epic Games
WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific targeted
individuals on versions of iOS before iOS 26. CVE-2025-14174 was also
issued in response to this report.
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 302502
CVE-2025-43529: Google Threat Analysis Group
WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to memory
corruption. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific targeted
individuals on versions of iOS before iOS 26. CVE-2025-43529 was also
issued in response to this report.
Description: A memory corruption issue was addressed with improved
validation.
WebKit Bugzilla: 303614
CVE-2025-14174: Apple and Google Threat Analysis Group
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge an anonymous researcher for their
assistance.
AppSandbox
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Core Services
We would like to acknowledge Golden Helm Securities for their
assistance.
WebKit
We would like to acknowledge Geva Nurgandi Syahputra (gevakun) for their
assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
