VYPR

macOS Sonoma

by Apple Inc.

CVEs (436)

  • CVE-2024-40834MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.

  • CVE-2024-27883MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2024-27882MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2024-27853MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

  • CVE-2025-24279MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    This issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access contacts.

  • CVE-2024-40776MedJul 29, 2024
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an…

  • CVE-2026-28826MedMar 25, 2026
    risk 0.26cvss 4.0epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox.

  • CVE-2025-43236LowApr 2, 2026
    risk 0.21cvss 3.3epss 0.00

    A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.

  • CVE-2025-43517LowDec 12, 2025
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

  • CVE-2025-43516LowDec 12, 2025
    risk 0.21cvss 3.3epss 0.00

    A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.

  • CVE-2025-43395LowNov 4, 2025
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access protected user data.

  • CVE-2025-24121LowJan 27, 2025
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

  • CVE-2025-24100LowJan 27, 2025
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access information about a user's contacts.

  • CVE-2024-40791LowSep 17, 2024
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.

  • CVE-2024-40832LowJul 29, 2024
    risk 0.21cvss 3.3epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.

  • CVE-2024-40778LowJul 29, 2024
    risk 0.21cvss 3.3epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.

  • CVE-2024-27799LowJun 10, 2024
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input…

  • CVE-2024-27837LowMay 14, 2024
    risk 0.21cvss 3.3epss 0.00

    A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.

  • CVE-2024-23292LowMar 8, 2024
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved data protection. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access information about a user's contacts.

  • CVE-2024-23291LowMar 8, 2024
    risk 0.21cvss 3.3epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.

Page 14 of 22