VYPR

macOS

by Apple Inc.

CVEs (3,324)

  • CVE-2024-44141MedOct 24, 2024
    risk 0.44cvss 6.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.

  • CVE-2024-27878MedJul 29, 2024
    risk 0.44cvss 6.7epss 0.00

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2024-23234MedMar 8, 2024
    risk 0.44cvss 6.7epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2023-41989MedOct 25, 2023
    risk 0.44cvss 6.8epss 0.01

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.

  • CVE-2023-41988MedOct 25, 2023
    risk 0.44cvss 6.8epss 0.01

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-27933MedMay 8, 2023
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-42830MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-42829MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-32926MedNov 1, 2022
    risk 0.44cvss 6.7epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-32832MedSep 23, 2022
    risk 0.44cvss 6.7epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with…

  • CVE-2018-4478MedDec 23, 2021
    risk 0.44cvss 6.8epss 0.00

    A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

  • CVE-2017-13907MedDec 23, 2021
    risk 0.44cvss 6.8epss 0.00

    A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

  • CVE-2021-30721MedSep 8, 2021
    risk 0.44cvss 6.5epss 0.24

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

  • CVE-2019-8569MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra.…

  • CVE-2019-8534MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary…

  • CVE-2019-8528MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel…

  • CVE-2019-8525MedOct 27, 2020
    risk 0.44cvss 6.7epss 0.00

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update…

  • CVE-2020-9810MedOct 22, 2020
    risk 0.44cvss 6.8epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.

  • CVE-2018-5383MedAug 7, 2018
    risk 0.44cvss 6.8epss 0.01

    Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a…

  • CVE-2016-7585MedApr 2, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.

Page 84 of 167