macOS
by Apple Inc.
CVEs (3,266)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27853 | Med | 0.29 | 4.4 | 0.00 | Jul 29, 2024 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks. | ||
| CVE-2023-40425 | Med | 0.29 | 4.4 | 0.00 | Oct 25, 2023 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information. | ||
| CVE-2023-41981 | Med | 0.29 | 4.4 | 0.00 | Sep 27, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory… | ||
| CVE-2022-32782 | Med | 0.29 | 4.4 | 0.00 | Sep 23, 2022 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. | ||
| CVE-2022-32781 | Med | 0.29 | 4.4 | 0.00 | Sep 23, 2022 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. | ||
| CVE-2022-26688 | Med | 0.29 | 4.4 | 0.00 | May 26, 2022 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. | ||
| CVE-2021-1824 | Med | 0.29 | 4.4 | 0.00 | Sep 8, 2021 | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information. | ||
| CVE-2020-9978 | Med | 0.29 | 4.5 | 0.01 | Apr 2, 2021 | This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network… | ||
| CVE-2020-3835 | Med | 0.29 | 4.4 | 0.00 | Feb 27, 2020 | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2026-28917 | Med | 0.28 | 4.3 | 0.00 | May 11, 2026 | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected… | ||
| CVE-2026-28861 | Med | 0.28 | 4.3 | 0.00 | Mar 25, 2026 | A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins. | ||
| CVE-2026-20635 | Med | 0.28 | 4.3 | 0.00 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected… | ||
| CVE-2025-46316 | Med | 0.28 | 4.3 | 0.00 | Jan 28, 2026 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory. | ||
| CVE-2025-46299 | Med | 0.28 | 4.3 | 0.00 | Jan 9, 2026 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app. | ||
| CVE-2025-43536 | Med | 0.28 | 4.3 | 0.01 | Dec 17, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2025-43374 | Med | 0.28 | 4.3 | 0.00 | Nov 21, 2025 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able… | ||
| CVE-2025-31266 | Med | 0.28 | 4.3 | 0.00 | Nov 21, 2025 | A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window. | ||
| CVE-2025-43445 | Med | 0.28 | 4.3 | 0.01 | Nov 4, 2025 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously… | ||
| CVE-2025-43385 | Med | 0.28 | 4.3 | 0.01 | Nov 4, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to… |
- risk 0.29cvss 4.4epss 0.00
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
- risk 0.29cvss 4.4epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
- risk 0.29cvss 4.4epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory…
- risk 0.29cvss 4.4epss 0.00
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.
- risk 0.29cvss 4.4epss 0.00
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.
- risk 0.29cvss 4.4epss 0.00
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.
- risk 0.29cvss 4.4epss 0.00
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.
- risk 0.29cvss 4.5epss 0.01
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network…
- risk 0.29cvss 4.4epss 0.00
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files.
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- risk 0.28cvss 4.3epss 0.00
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected…
- risk 0.28cvss 4.3epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
- risk 0.28cvss 4.3epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected…
- risk 0.28cvss 4.3epss 0.00
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory.
- risk 0.28cvss 4.3epss 0.00
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
- risk 0.28cvss 4.3epss 0.01
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- risk 0.28cvss 4.3epss 0.00
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able…
- risk 0.28cvss 4.3epss 0.00
A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.
- risk 0.28cvss 4.3epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously…
- risk 0.28cvss 4.3epss 0.01
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…
Page 135 of 164