Key Vulnerability Information from tvOS 26.2 Security Content AppleJPEG Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing a file may lead to memory corruption Description: Improved bounds checks. CVE: CVE-2025-43539 curl Available for: Apple TV HD and Apple TV 4K (all models) Impact: Multiple issues in curl Description: Vulnerability in open source code CVE: CVE-2024-7264, CVE-2025-9086 Foundation Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing malicious data may lead to unexpected app termination Description: Memory corruption issue was addressed with improved bounds checking. CVE: CVE-2025-43532 Icons Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to identify what other apps a user has installed Description: Permissions issue was addressed with additional restrictions. CVE: CVE-2025-46279 Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to gain root privileges Description: Integer overflow was addressed by adopting 64-bit timestamps. CVE: CVE-2025-46285 Multi-Touch Available for: Apple TV HD and Apple TV 4K (all models) Impact: A malicious HID device may cause an unexpected process crash Description: Memory corruption issues were addressed with improved input validation. CVE: CVE-2025-43533 WebKit Available for: Apple TV HD and Apple TV 4K (all models) Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: Race condition was addressed with improved state handling. CVE: CVE-2025-43531 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Use-after-free issue was addressed with improved memory management. CVE: CVE-2025-43529 Impact: Processing maliciously crafted web content may lead to memory corruption Description: Memory corruption issue was addressed with improved validation. CVE: CVE-2025-14174 Impact: Processing maliciously crafted web content may disclose internal states of the app Description: Memory initialization issue was addressed with improved memory handling. CVE: CVE-2025-46299 Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: Improved memory handling. CVE: CVE-2025-46298