macOS Sequoia
by Apple Inc.
CVEs (390)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28838 | Med | 0.34 | 5.3 | 0.00 | Mar 25, 2026 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. | ||
| CVE-2026-20673 | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2026 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews. | ||
| CVE-2025-43332 | Med | 0.34 | 5.2 | 0.00 | Sep 15, 2025 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox. | ||
| CVE-2025-43308 | Med | 0.34 | 5.3 | 0.00 | Sep 15, 2025 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | ||
| CVE-2025-43311 | Med | 0.33 | 5.1 | 0.00 | Sep 15, 2025 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data. | ||
| CVE-2025-24203 | Med | 0.33 | 5.0 | 0.01 | Mar 31, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system. | ||
| CVE-2025-43420 | Med | 0.31 | 4.7 | 0.00 | Nov 4, 2025 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||
| CVE-2025-24094 | Med | 0.31 | 4.7 | 0.00 | Jan 27, 2025 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data. | ||
| CVE-2026-20605 | Med | 0.30 | 4.6 | 0.00 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process. | ||
| CVE-2025-31264 | Med | 0.30 | 4.6 | 0.00 | May 29, 2025 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | ||
| CVE-2026-20609 | Med | 0.29 | 4.4 | 0.00 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may… | ||
| CVE-2025-43336 | Med | 0.29 | 4.4 | 0.00 | Nov 4, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information. | ||
| CVE-2025-43310 | Med | 0.29 | 4.4 | 0.00 | Sep 15, 2025 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard. | ||
| CVE-2025-24136 | Med | 0.29 | 4.4 | 0.00 | Jan 27, 2025 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk. | ||
| CVE-2025-24116 | Med | 0.29 | 4.4 | 0.00 | Jan 27, 2025 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences. | ||
| CVE-2024-40825 | Med | 0.29 | 4.4 | 0.00 | Sep 17, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, visionOS 2. A malicious app with root privileges may be able to modify the contents of system files. | ||
| CVE-2025-31266 | Med | 0.28 | 4.3 | 0.00 | Nov 21, 2025 | A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window. | ||
| CVE-2025-43445 | Med | 0.28 | 4.3 | 0.01 | Nov 4, 2025 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously… | ||
| CVE-2025-43385 | Med | 0.28 | 4.3 | 0.01 | Nov 4, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to… | ||
| CVE-2025-43384 | Med | 0.28 | 4.3 | 0.01 | Nov 4, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to… |
- risk 0.34cvss 5.3epss 0.00
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.
- risk 0.34cvss 5.3epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews.
- risk 0.34cvss 5.2epss 0.00
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
- risk 0.34cvss 5.3epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
- risk 0.33cvss 5.1epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
- risk 0.33cvss 5.0epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
- risk 0.31cvss 4.7epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.
- risk 0.31cvss 4.7epss 0.00
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data.
- risk 0.30cvss 4.6epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.
- risk 0.30cvss 4.6epss 0.00
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
- risk 0.29cvss 4.4epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may…
- risk 0.29cvss 4.4epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information.
- risk 0.29cvss 4.4epss 0.00
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard.
- risk 0.29cvss 4.4epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk.
- risk 0.29cvss 4.4epss 0.00
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences.
- risk 0.29cvss 4.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, visionOS 2. A malicious app with root privileges may be able to modify the contents of system files.
- risk 0.28cvss 4.3epss 0.00
A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.
- risk 0.28cvss 4.3epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously…
- risk 0.28cvss 4.3epss 0.01
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…
- risk 0.28cvss 4.3epss 0.01
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…
Page 13 of 20