Apple today released tvOS 18.4.1, a minor update for the tvOS 18 operating system for Apple TV 4K and Apple TV HD set top boxes.
The tvOS 18.4.1 update can be downloaded via the Settings app on the Apple TV by going to “System” -> “Software Update.” If you have automatic software updates turned on your Apple TV will be upgraded to tvOS 18.4.1 automatically.
The update fixes two security holes that have been exploited in the wild.
CoreAudio
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2025-31200: Apple and Google Threat Analysis Group
RPAC
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-31201: Apple
Apple shares full release notes for tvOS in its tvOS support document, which is updated after each new version of tvOS comes out.
Apple has also released a new version of the HomePod Software 18.4.1 for the HomePod and HomePod mini. The HomePod software is based on tvOS.
