-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-04-16-2025-3 tvOS 18.4.1

tvOS 18.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122401.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

CoreAudio
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing an audio stream in a maliciously crafted media file
may result in code execution. Apple is aware of a report that this issue
may have been exploited in an extremely sophisticated attack against
specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved
bounds checking.
CVE-2025-31200: Apple and Google Threat Analysis Group

RPAC
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication. Apple is aware of a report that this
issue may have been exploited in an extremely sophisticated attack
against specific targeted individuals on iOS.
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-31201: Apple

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About.“

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmgABnMACgkQX+5d1TXa
IvrBPxAAwsR/u23qMtnS+WtGXrNHF8i1Ibx2QzFq5+6FlBBuOB2JJG++y0CBkiRI
TueqJpmorYoi3lmH7DME4kvHZv+ch70yEsadwFOVAav6bzixng0Zdk+I16xR6PqA
6ay1+4MBNqmUa3ZEpla1RyUGHQ0RyiF1XxVEjH5iTTNdDLFDumtz1gX5Q70O3iDw
aGZZ3JyRvWXOvZMcb+pPfpEcNKK80n7W3g1bl9EIWlewuZJDLNWjych0tPGPsKUz
tX7Q5kN/TUyiatULPznKUpp1wafetJbHsOg6kEjOnQyxBxWw9BQjNj9wPZhOjTUa
VdG6NVKHNKw1FsRA0U/DIMiSTtcLCiX8g4RApcaIb0/HpvuoSHwC4DCQ4PaY88bV
59LQ2RGetjvJjCAxB6ENGQkxoJtIuOXIYU/TxY8qG98dcLRm14g/JrsMC5B+6nCz
D6/Y9axottqgvm5E/hRKOsMgSscb9aU9jhf65l3C1aHRIdQM7xNhLF93CgXTw/Wt
AKWSn6gO7RxwybVRBZqdOA39oeqomWZapoluy9PYKwF7bvHbKqsKTePuYJUjrzaI
qIWR0nTPxMkYRGeWkPkFhSfLnlDZs/zB4RLQY8lEpxR6WblercddUeusFjiN+zsR
2Jxo5vYgjH1Zd2ytcmq2uKkfOmHLA7R8ts88pUYo2mtpNGgtTZc=
=42zN
-----END PGP SIGNATURE-----