VYPR

macOS

by Apple Inc.

CVEs (3,266)

  • CVE-2016-4688HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote…

  • CVE-2016-4667HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.

  • CVE-2016-4617HigFeb 20, 2017
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.

  • CVE-2024-54514HigDec 12, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.

  • CVE-2024-44256HigOct 28, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to break out of its sandbox.

  • CVE-2024-44270HigOct 28, 2024
    risk 0.56cvss 8.6epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A sandboxed process may be able to circumvent sandbox restrictions.

  • CVE-2024-23299HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.

  • CVE-2024-27813HigMay 14, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

  • CVE-2024-23278HigMar 8, 2024
    risk 0.56cvss 8.6epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox.

  • CVE-2024-23246HigMar 8, 2024
    risk 0.56cvss 8.6epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.

  • CVE-2024-0258HigMar 8, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

  • CVE-2025-24255HigMar 31, 2025
    risk 0.55cvss 8.4epss 0.00

    A file access issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.

  • CVE-2018-4243HigJun 8, 2018
    risk 0.55cvss 7.8epss 0.19

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to…

  • CVE-2018-4237HigJun 8, 2018
    risk 0.55cvss 7.8epss 0.14

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app…

  • CVE-2017-2370HigFeb 20, 2017
    risk 0.55cvss 7.8epss 0.11

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2018-4241HigJun 8, 2018
    risk 0.54cvss 7.8epss 0.08

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers…

  • CVE-2018-4206HigJun 8, 2018
    risk 0.54cvss 7.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to…

  • CVE-2018-4193HigJun 8, 2018
    risk 0.54cvss 7.8epss 0.06

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2018-4139HigApr 3, 2018
    risk 0.54cvss 7.8epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2018-4083HigApr 3, 2018
    risk 0.54cvss 7.8epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Page 8 of 164