tvOS 11.3 release notes & security fixes

Christian Zibreg ∙ March 30, 2018

On March 29, 2018, Apple released the tvOS 11.3 software update, bringing the ability to play videos in their original frame rate to owners of the fourth-generation Apple TV, plus other improvements such as ad-free music videos for Apple Music members right in the Music app.

tvOS 11.3 is compatible with the fourth-generation Apple TV and Apple TV 4K.

To update your Apple TV to the latest available tvOS version, go to Settings → System → Software Updates and select the option Check for Update. If an update is available, a message will appear. You can then choose Download and Install to start downloading.

You can also download tvOS 11.2 from iDownloadBlog’s Download section.

As mentioned, owners of the fourth-generation Apple TV can now have their device switch its display mode automatically to match a video’s native frame rate and dynamic range instead of forcibly upscaling everything to specific frame rates and HDR.

TUTORIAL: How to use frame rate matching and dynamic range switching on Apple TV

To turn frame rate matching on, open the Settings app, choose the section Video and Audio, select the sub-section Match Content and enable the option Match Frame Rate.

Doing so tells your Apple TV to automatically match the frame rate of any videos that are mastered at different frame rates, including 24FPS film-based content or other international content.

Content matching capabilities arrived in tvOS 11.2, but were limited to Apple TV 4K.

Subscribe to iDownloadBlog on YouTube

You can also download tvOS 11.2 from iDownloadBlog’s Download section.

Here’s everything included in the tvOS 11.3 software update.

tvOS 11.3 release notes

This update contains new features, improvements and bug fixes.

Privacy

When an Apple feature asks to use your personal information, an icon now appears along with a link to detailed information explaining how your data will be used and protected

TV app

Apple’s TV app is now available to customers in Brazil and Mexico.

Siri

Siri on Apple TV now understands Portuguese in Brazil.

Video playback

On the fourth-generation Apple TV, you can play videos in their original frame rate.

Visit Apple’s website for detailed information about Apple TV software updates.

tvOS 11.3 security fixes

The following security fixes are available in tvOS 11.3

CoreFoundation

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4155: Samuel Groß (@5aelo)

CoreText

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: Processing a maliciously crafted string may lead to a denial of service
  • Description: A denial of service issue was addressed through improved memory handling.
  • CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

File System Events

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4167: Samuel Groß (@5aelo)

Kernel

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4150: an anonymous researcher

Kernel

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2018-4104: The UK’s National Cyber Security Centre (NCSC)

Kernel

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4143: derrek (@derrekr6)

NSURLSession

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4166: Samuel Groß (@5aelo)

Quick Look

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4157: Samuel Groß (@5aelo)

Security

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: A malicious application may be able to elevate privileges
  • Description: A buffer overflow was addressed with improved size validation.
  • CVE-2018-4144: Abraham Masri (@cheesecakeufo)

System Preferences

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: A configuration profile may incorrectly remain in effect after removal
  • Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.
  • CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera

WebKit

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: Unexpected interaction with indexing types causing an ASSERT failure
  • Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks.
  • CVE-2018-4113: found by OSS-Fuzz

WebKit

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: Processing maliciously crafted web content may lead to a denial of service
  • Description: A memory corruption issue was addressed through improved input validation.
  • CVE-2018-4146: found by OSS-Fuzz

WebKit

  • Available for: Apple TV 4K and Apple TV (4th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
  • CVE-2018-4114: found by OSS-Fuzz
  • CVE-2018-4118: Jun Kokatsu (@shhnjk)
  • CVE-2018-4119: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
  • CVE-2018-4121: Natalie Silvanovich of Google Project Zero
  • CVE-2018-4122: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4125: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4127: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4128: Zach Markley
  • CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4130: Omair working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4161: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4162: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4163: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

To learn more about the security content of tvOS 11.3, read Apple’s support document. For additional information on security updates for all Apple software, visit their website.

Keep in mind that some Apple TV features may be unavailable in certain countries or areas. For instance, availability and functionality of Siri on Apple TV vary by country and region.

Tags Apple Apple TV Apple TV 4 Apple TV 4K Bug Fix Issue