macOS Sonoma
by Apple Inc.
CVEs (436)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27850 | Med | 0.42 | 6.5 | 0.01 | Jun 10, 2024 | This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user. | ||
| CVE-2024-27838 | Med | 0.42 | 6.5 | 0.01 | Jun 10, 2024 | The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user. | ||
| CVE-2024-27800 | Med | 0.42 | 6.5 | 0.01 | Jun 10, 2024 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted… | ||
| CVE-2024-23271 | Med | 0.42 | 6.5 | 0.01 | Apr 24, 2024 | A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. | ||
| CVE-2024-23280 | Med | 0.42 | 6.5 | 0.01 | Mar 8, 2024 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user. | ||
| CVE-2024-23263 | Med | 0.42 | 6.5 | 0.01 | Mar 8, 2024 | A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security… | ||
| CVE-2024-23259 | Med | 0.42 | 6.5 | 0.01 | Mar 8, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. | ||
| CVE-2023-40385 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | ||
| CVE-2023-42861 | Med | 0.42 | 6.5 | 0.01 | Oct 25, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | ||
| CVE-2023-39233 | Med | 0.42 | 6.5 | 0.01 | Sep 27, 2023 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. | ||
| CVE-2025-43412 | Med | 0.41 | 6.3 | 0.00 | Nov 4, 2025 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||
| CVE-2024-27885 | Med | 0.41 | 6.3 | 0.00 | Jun 10, 2024 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system. | ||
| CVE-2023-42887 | Med | 0.41 | 6.3 | 0.00 | Jan 23, 2024 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files. | ||
| CVE-2023-42914 | Med | 0.41 | 6.3 | 0.01 | Dec 12, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. | ||
| CVE-2024-40797 | Med | 0.40 | 6.1 | 0.00 | Sep 17, 2024 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Visiting a malicious website may lead to user interface spoofing. | ||
| CVE-2024-40817 | Med | 0.40 | 6.1 | 0.01 | Jul 29, 2024 | The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing. | ||
| CVE-2024-23277 | Med | 0.38 | 5.9 | 0.01 | Mar 8, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard. | ||
| CVE-2025-46301 | Med | 0.37 | 5.7 | 0.00 | Feb 11, 2026 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected… | ||
| CVE-2023-42940 | Med | 0.37 | 5.7 | 0.01 | Dec 19, 2023 | A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | ||
| CVE-2025-43290 | Med | 0.36 | 5.5 | 0.00 | May 26, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system. |
- risk 0.42cvss 6.5epss 0.01
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.
- risk 0.42cvss 6.5epss 0.01
The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.
- risk 0.42cvss 6.5epss 0.01
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted…
- risk 0.42cvss 6.5epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
- risk 0.42cvss 6.5epss 0.01
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
- risk 0.42cvss 6.5epss 0.01
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security…
- risk 0.42cvss 6.5epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
- risk 0.42cvss 6.5epss 0.01
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
- risk 0.42cvss 6.5epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.
- risk 0.42cvss 6.5epss 0.01
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.
- risk 0.41cvss 6.3epss 0.00
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to break out of its sandbox.
- risk 0.41cvss 6.3epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.
- risk 0.41cvss 6.3epss 0.00
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.
- risk 0.41cvss 6.3epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.
- risk 0.40cvss 6.1epss 0.00
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Visiting a malicious website may lead to user interface spoofing.
- risk 0.40cvss 6.1epss 0.01
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
- risk 0.38cvss 5.9epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
- risk 0.37cvss 5.7epss 0.00
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…
- risk 0.37cvss 5.7epss 0.01
A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.
- risk 0.36cvss 5.5epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
Page 8 of 22