macOS
by Apple Inc.
CVEs (3,324)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8517 | Med | 0.42 | 6.5 | 0.01 | Dec 18, 2019 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory. | ||
| CVE-2018-4460 | Med | 0.42 | 6.5 | 0.02 | Apr 3, 2019 | A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | ||
| CVE-2018-4406 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2019 | A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | ||
| CVE-2018-4389 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2019 | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. | ||
| CVE-2018-4368 | Med | 0.42 | 6.5 | 0.02 | Apr 3, 2019 | A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | ||
| CVE-2018-4187 | Med | 0.42 | 6.5 | 0.03 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. | ||
| CVE-2018-4107 | Med | 0.42 | 6.5 | 0.02 | Apr 3, 2018 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document. | ||
| CVE-2017-2418 | Med | 0.42 | 6.5 | 0.00 | Apr 2, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors. | ||
| CVE-2016-7627 | Med | 0.42 | 6.5 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and… | ||
| CVE-2016-7591 | Med | 0.42 | 6.5 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a… | ||
| CVE-2016-7580 | Med | 0.42 | 6.5 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. | ||
| CVE-2025-43210 | Med | 0.41 | 6.3 | 0.00 | Apr 2, 2026 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media… | ||
| CVE-2025-43448 | Med | 0.41 | 6.3 | 0.00 | Nov 4, 2025 | This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of… | ||
| CVE-2025-43412 | Med | 0.41 | 6.3 | 0.00 | Nov 4, 2025 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||
| CVE-2025-43400 | Med | 0.41 | 6.3 | 0.06 | Sep 29, 2025 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a… | ||
| CVE-2025-31233 | Med | 0.41 | 6.3 | 0.01 | May 12, 2025 | The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to… | ||
| CVE-2025-31209 | Med | 0.41 | 6.3 | 0.01 | May 12, 2025 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user… | ||
| CVE-2025-31195 | Med | 0.41 | 6.3 | 0.00 | May 12, 2025 | The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. | ||
| CVE-2023-42961 | Med | 0.41 | 6.3 | 0.00 | Apr 11, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2025-30429 | Med | 0.41 | 6.3 | 0.00 | Mar 31, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox. |
- risk 0.42cvss 6.5epss 0.01
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.
- risk 0.42cvss 6.5epss 0.02
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
- risk 0.42cvss 6.5epss 0.01
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
- risk 0.42cvss 6.5epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.
- risk 0.42cvss 6.5epss 0.02
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
- risk 0.42cvss 6.5epss 0.03
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and…
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a…
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
- risk 0.41cvss 6.3epss 0.00
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media…
- risk 0.41cvss 6.3epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of…
- risk 0.41cvss 6.3epss 0.00
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.
- risk 0.41cvss 6.3epss 0.06
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a…
- risk 0.41cvss 6.3epss 0.01
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to…
- risk 0.41cvss 6.3epss 0.01
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user…
- risk 0.41cvss 6.3epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
- risk 0.41cvss 6.3epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.41cvss 6.3epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.
Page 92 of 167