macOS
by Apple Inc.
CVEs (3,324)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40440 | Hig | 0.49 | 7.5 | 0.00 | Sep 12, 2023 | This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. | ||
| CVE-2023-38609 | Hig | 0.49 | 7.5 | 0.01 | Jul 28, 2023 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences. | ||
| CVE-2023-38601 | Hig | 0.49 | 7.5 | 0.01 | Jul 28, 2023 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | ||
| CVE-2023-38571 | Hig | 0.49 | 7.5 | 0.01 | Jul 28, 2023 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences. | ||
| CVE-2023-32444 | Hig | 0.49 | 7.5 | 0.01 | Jul 28, 2023 | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2023-38603 | Hig | 0.49 | 7.5 | 0.01 | Jul 27, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service. | ||
| CVE-2023-38572 | Hig | 0.49 | 7.5 | 0.01 | Jul 27, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. | ||
| CVE-2023-38564 | Hig | 0.49 | 7.5 | 0.00 | Jul 27, 2023 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | ||
| CVE-2023-32397 | Hig | 0.49 | 7.5 | 0.01 | Jun 23, 2023 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. | ||
| CVE-2023-27963 | Hig | 0.49 | 7.5 | 0.01 | May 8, 2023 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without… | ||
| CVE-2022-46716 | Hig | 0.49 | 7.5 | 0.00 | Apr 10, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings | ||
| CVE-2023-23524 | Hig | 0.49 | 7.5 | 0.01 | Feb 27, 2023 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. | ||
| CVE-2023-23519 | Hig | 0.49 | 7.5 | 0.01 | Feb 27, 2023 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service. | ||
| CVE-2022-32910 | Hig | 0.49 | 7.5 | 0.01 | Nov 1, 2022 | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. | ||
| CVE-2022-32790 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2022 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. | ||
| CVE-2022-32793 | Hig | 0.49 | 7.5 | 0.01 | Aug 24, 2022 | Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | ||
| CVE-2022-26701 | Hig | 0.49 | 7.5 | 0.01 | May 26, 2022 | A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | ||
| CVE-2022-22651 | Hig | 0.49 | 7.5 | 0.02 | Mar 18, 2022 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2022-22643 | Hig | 0.49 | 7.5 | 0.01 | Mar 18, 2022 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. | ||
| CVE-2022-22609 | Hig | 0.49 | 7.5 | 0.01 | Mar 18, 2022 | The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
- risk 0.49cvss 7.5epss 0.00
This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.
- risk 0.49cvss 7.5epss 0.01
An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.
- risk 0.49cvss 7.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without…
- risk 0.49cvss 7.5epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings
- risk 0.49cvss 7.5epss 0.01
A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.
- risk 0.49cvss 7.5epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.
- risk 0.49cvss 7.5epss 0.02
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.
- risk 0.49cvss 7.5epss 0.01
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
- risk 0.49cvss 7.5epss 0.01
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.
Page 72 of 167