VYPR

macOS Sonoma

by Apple Inc.

CVEs (436)

  • CVE-2024-27850MedJun 10, 2024
    risk 0.42cvss 6.5epss 0.01

    This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2024-27838MedJun 10, 2024
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2024-27800MedJun 10, 2024
    risk 0.42cvss 6.5epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted…

  • CVE-2024-23271MedApr 24, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.

  • CVE-2024-23280MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2024-23263MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security…

  • CVE-2024-23259MedMar 8, 2024
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

  • CVE-2023-40385MedJan 10, 2024
    risk 0.42cvss 6.5epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

  • CVE-2023-42861MedOct 25, 2023
    risk 0.42cvss 6.5epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

  • CVE-2023-39233MedSep 27, 2023
    risk 0.42cvss 6.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.

  • CVE-2025-43412MedNov 4, 2025
    risk 0.41cvss 6.3epss 0.00

    A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2024-27885MedJun 10, 2024
    risk 0.41cvss 6.3epss 0.00

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.

  • CVE-2023-42887MedJan 23, 2024
    risk 0.41cvss 6.3epss 0.00

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.

  • CVE-2023-42914MedDec 12, 2023
    risk 0.41cvss 6.3epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.

  • CVE-2024-40797MedSep 17, 2024
    risk 0.40cvss 6.1epss 0.00

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Visiting a malicious website may lead to user interface spoofing.

  • CVE-2024-40817MedJul 29, 2024
    risk 0.40cvss 6.1epss 0.01

    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.

  • CVE-2024-23277MedMar 8, 2024
    risk 0.38cvss 5.9epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

  • CVE-2025-46301MedFeb 11, 2026
    risk 0.37cvss 5.7epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2023-42940MedDec 19, 2023
    risk 0.37cvss 5.7epss 0.01

    A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.

  • CVE-2025-43290MedMay 26, 2026
    risk 0.36cvss 5.5epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.

Page 8 of 22