Apple patches exploited bugs in iPhones plus other holes

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited. Here's a quick list of all of the security updates released late on Monday afternoon: Safari 16.6 iOS 16.6 and iPadOS 16.6 iOS 15.7.8 …

  1. Ace2 Silver badge

    I’ve asked this before and still don’t get what the concern is: What is the attack vector for tvOS? How would you get your malware code to run on it?

    The only thing I use mine for is a few streaming apps.

    Could YouTube ads be an issue? Surely they don’t allow js in tvOS ads.

    1. doublelayer Silver badge

      I don't know what you can do with an Apple TV, but if it can be used to browse the web, watch content rendered by a browser of some sort, or receive messages, then there are some attack vectors. It might be something as simple as tvOS being basically the same as iOS with a different frontend (as I recall, a while ago they didn't bother having separate names and called it iOS), so if they patch one they are going to patch the other to keep the codebases in line.

      1. Anonymous Coward

        Most of the AppleTV apps are web apps

        And like all of their platforms, you have to use the Safari/webkit core for your rendering engine.

        The next part is that hostile content needs to be served from somewhere the TV is loading. Ads are an obvious avenue, as would watering hole attacks on the servers hosting popular content, I'd go after the second tier apps for things like news channels.

        What I would be more worried about is one of the developer libraries the apps link to going evil. There are too many shady "telemetry" frameworks in these things, and most of these devs don't seem to be doing due diligence on their tools. So if one of these tools goes bad, hundreds or thousands of apps could start telling their clients to request content from anywhere, triggering an attack based on a fault like this.

        So even on devices people don't use to browse, the browser can still be attacked.

    2. DS999 Silver badge

      I don't think that it is as important to patch

      But it is the same codebase so it gets all the same fixes as part of the update - they would have to go out of their way to NOT patch security issues in it that are being patched for iOS.

      They don't release the fast response patches for it like they do iOS & iPadOS, just the "regular" updates.

      It would be a lot harder to attack and a lot less valuable if p0wned so I doubt anyone is out there actively trying to hack it. I suppose you'd get a foothold into someone's internal network that way, but it is much easier to do by attacking wireless routers that are generally not kept up to date. Especially once they are a few years old and any automated vendor patching has run its course.

    3. Marty McFly Silver badge

      Same threat vector as a remote controlled LED lightbulb. Compromise the device and then go after the real targets on the internal network.

  2. Johnb89

    It's also the not-early adopters

    The long list of affected ios devices I think is the list of devices that won't take ios16.

    For those that choose not to have ios16 because it isn't done yet, we are stuck... apple don't release patches for ios15 (or 14 etc).

    Hmmm

    1. Sandtitz Silver badge

      Re: It's also the not-early adopters

      "apple don't release patches for ios15 (or 14 etc)"

      iOS 16 has worked well for all iPhones in my household, what's the issue you are having?

    2. DS999 Silver badge

      Re: It's also the not-early adopters

      Did you miss the list of patches in the article where they showed patches for iOS 15.x (15.7.8) are also available? Patches for iOS 14 are irrelevant, there are no devices that can run 14 but not 15. If you "choose not to run" 15 on something capable of running it when it has been out for almost two years then that's your own damn fault.

      We'll have to see if they make patches available for iOS 12 to help out those still using iPhone 5S and 6. They last patched iOS 12 in January so they might but I guess it isn't clear whether iOS 12 is affected by the issue that's believed to be under active exploit.

      1. Johnb89

        Re: It's also the not-early adopters

        Did you miss the part where I said 'devices that can run ios16 but we choose not to run ios16'? I didn't say choose not to run 15.

        1. DS999 Silver badge

          Re: It's also the not-early adopters

          And I said there was a patch for iOS 15.

          If you have a device capable of running iOS 16 and you are not only not running iOS 16 but not running iOS 15 then you don't deserve any sympathy for not getting security patches.

      2. gnasher729 Silver badge

        Re: It's also the not-early adopters

        There’s always the possibility that a bug in ios13-15 doesn’t actually exist or doesn’t work on ios12. Or that an exploit is not trivial and must be handcrafted for each target to be attacked, and no attack for ios12 was written.

  3. Anonymous Coward

    Trillion dollar company

    What does that even fucking mean?

    It just means they managed to sell more junk than their competitors.

    As for Amnesty International, I wouldn’t trust them in the slightest, just another slimy spook-infested organisation.
