Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3
Vulnerabilities
Page 28 of 112
CVE-2022-32824MEDIUMCVSS 5.5fixed in 15.6≥ unspecified, < 15.62023-02-27
CVE-2022-32824 [MEDIUM] CWE-200 CVE-2022-32824: The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7
The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
nvdapple
CVE-2023-23511MEDIUMCVSS 5.5fixed in 16.3≥ unspecified, < 16.32023-02-27
CVE-2023-23511 [MEDIUM] CWE-200 CVE-2023-23511: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
nvdapple
CVE-2023-23503MEDIUMCVSS 5.5fixed in 16.3≥ unspecified, < 16.32023-02-27
CVE-2023-23503 [MEDIUM] CWE-288 CVE-2023-23503: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
nvdapple
CVE-2022-32891MEDIUMCVSS 6.1fixed in 16.02023-02-27
CVE-2022-32891 [MEDIUM] CWE-1021 CVE-2022-32891: The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchO
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
nvdapple
CVE-2023-23502MEDIUMCVSS 5.5fixed in 16.3≥ unspecified, < 16.32023-02-27
CVE-2023-23502 [MEDIUM] CWE-125 CVE-2023-23502: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.
nvdapple
CVE-2022-32844MEDIUMCVSS 6.3fixed in 15.6≥ unspecified, < 15.62023-02-27
CVE-2022-32844 [MEDIUM] CWE-362 CVE-2022-32844: A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watch
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.
nvdapple
CVE-2023-23499MEDIUMCVSS 5.5fixed in 16.3≥ unspecified, < 16.32023-02-27
CVE-2023-23499 [MEDIUM] CWE-200 CVE-2023-23499: This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3,
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.
nvdapple
CVE-2022-0108MEDIUMCVSS 6.5v16.32023-01-24
CVE-2022-0108 [MEDIUM] CVE-2022-0108: tvOS 16.3
Apple Security Update: About the security content of tvOS 16.3
Product: tvOS
Version: 16.3
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
apple
CVE-2022-42842CRITICALCVSS 9.8fixed in 16.2≥ unspecified, < 16.2+2 more2022-12-15
CVE-2022-42842 [CRITICAL] CWE-787 CVE-2022-42842: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.
nvd
CVE-2022-42845HIGHCVSS 7.2fixed in 16.2≥ unspecified, < 16.2+2 more2022-12-15
CVE-2022-42845 [HIGH] CWE-787 CVE-2022-42845: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-42863HIGHCVSS 8.8fixed in 16.2≥ unspecified, < 16.2+1 more2022-12-15
CVE-2022-42863 [HIGH] CWE-787 CVE-2022-42863: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-46699HIGHCVSS 8.8fixed in 16.2≥ unspecified, < 16.2+1 more2022-12-15
CVE-2022-46699 [HIGH] CWE-787 CVE-2022-46699: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-46690HIGHCVSS 7.8fixed in 16.2≥ unspecified, < 16.2+1 more2022-12-15
CVE-2022-46690 [HIGH] CWE-787 CVE-2022-46690: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-46689HIGHCVSS 7.0PoCfixed in 16.2≥ unspecified, < 16.2+3 more2022-12-15
CVE-2022-46689 [HIGH] CWE-362 CVE-2022-46689: A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS M
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-46694HIGHCVSS 7.8fixed in 16.2≥ unspecified, < 16.2+1 more2022-12-15
CVE-2022-46694 [HIGH] CWE-787 CVE-2022-46694: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.
nvd
CVE-2022-46701HIGHCVSS 7.8fixed in 16.2≥ unspecified, < 16.2+1 more2022-12-15
CVE-2022-46701 [HIGH] CWE-20 CVE-2022-46701: The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
nvd
CVE-2022-42855HIGHCVSS 7.1fixed in 16.2≥ unspecified, < 16.2+3 more2022-12-15
CVE-2022-42855 [HIGH] CWE-269 CVE-2022-42855: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.
nvd
CVE-2022-42856HIGHCVSS 8.8KEVfixed in 16.2≥ unspecified, < 16.2+3 more2022-12-15
CVE-2022-42856 [HIGH] CWE-843 CVE-2022-42856: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of
nvd
CVE-2022-46700HIGHCVSS 8.8fixed in 16.2≥ unspecified, < 16.2+2 more2022-12-15
CVE-2022-46700 [HIGH] CWE-787 CVE-2022-46700: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-42849HIGHCVSS 7.8fixed in 16.2≥ unspecified, < 16.22022-12-15
CVE-2022-42849 [HIGH] CWE-269 CVE-2022-42849: An access issue existed with privileged API calls. This issue was addressed with additional restrict
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges.
nvd