Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs
3,139
CISA KEV
26
actively exploited
Public exploits
265
Exploited in wild
28
Severity breakdown
CRITICAL302HIGH1409MEDIUM1236LOW192
Vulnerabilities
Page 13 of 157
CVE-2021-1884MEDIUMCVSS 5.9≥ 10.14.0, < 10.14.6≥ 10.15, < 10.15.7+2 more2021-09-08
CVE-2021-1884 [MEDIUM] CWE-362 CVE-2021-1884: A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-00
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.
nvd
CVE-2021-30733MEDIUMCVSS 5.5≥ 10.14.0, ≤ 10.14.5v10.14.6+8 more2021-09-08
CVE-2021-30733 [MEDIUM] CWE-125 CVE-2021-30733: An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd
CVE-2021-1824MEDIUMCVSS 4.4≥ 10.15, ≤ 10.15.5v10.15.6+1 more2021-09-08
CVE-2021-1824 [MEDIUM] CVE-2021-1824: This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Secu
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.
nvd
CVE-2021-30702MEDIUMCVSS 4.6≥ 10.14, ≤ 10.14.5≥ 10.15, ≤ 10.15.6+2 more2021-09-08
CVE-2021-30702 [MEDIUM] CWE-287 CVE-2021-30702: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.
nvd
CVE-2021-30673MEDIUMCVSS 5.5≥ 10.15, ≤ 10.15.6v10.15.72021-09-08
CVE-2021-30673 [MEDIUM] CVE-2021-30673: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Su
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.
nvd
CVE-2021-30738MEDIUMCVSS 5.5≥ 10.14.0, ≤ 10.14.5v10.14.62021-09-08
CVE-2021-30738 [MEDIUM] CVE-2021-30738: A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big S
A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization.
nvd
CVE-2021-30671LOWCVSS 3.3≥ 10.15, ≤ 10.15.6v10.15.72021-09-08
CVE-2021-30671 [LOW] CWE-20 CVE-2021-30671: A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Sec
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.
nvd
CVE-2021-31010HIGHCVSS 7.5KEV≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-31010 [HIGH] CWE-502 CVE-2021-31010: A deserialization issue was addressed through improved validation. This issue is fixed in Security U
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the tim
nvd
CVE-2021-30869HIGHCVSS 7.8KEV≥ 10.14, ≤ 10.14.6≥ 10.15, ≤ 10.15.6+2 more2021-08-24
CVE-2021-30869 [HIGH] CWE-843 CVE-2021-30869: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware o
nvd
CVE-2021-30909HIGHCVSS 7.8fixed in 10.15.7v10.15.72021-08-24
CVE-2021-30909 [HIGH] CWE-787 CVE-2021-30909: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30873HIGHCVSS 7.8≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30873 [HIGH] CVE-2021-30873: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to elevate privileges.
nvd
CVE-2021-30903HIGHCVSS 7.8≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30903 [HIGH] CVE-2021-30903: This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1,
This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.
nvd
CVE-2021-30938HIGHCVSS 7.7≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30938 [HIGH] CVE-2021-30938: This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory.
nvd
CVE-2021-30876HIGHCVSS 7.1≥ 10.15, ≤ 10.15.6v10.15.72021-08-24
CVE-2021-30876 [HIGH] CWE-125 CVE-2021-30876: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mont
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
nvd
CVE-2021-30977HIGHCVSS 7.8≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30977 [HIGH] CWE-120 CVE-2021-30977: A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30969HIGHCVSS 7.8≥ 10.15, ≤ 10.15.7v10.15.72021-08-24
CVE-2021-30969 [HIGH] CVE-2021-30969: A path handling issue was addressed with improved validation. This issue is fixed in Security Update
A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk.
nvd
CVE-2021-30860HIGHCVSS 7.8KEV≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30860 [HIGH] CWE-190 CVE-2021-30860: An integer overflow was addressed with improved input validation. This issue is fixed in Security Up
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
nvd
CVE-2021-30927HIGHCVSS 7.8v10.15.72021-08-24
CVE-2021-30927 [HIGH] CWE-416 CVE-2021-30927: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30975HIGHCVSS 8.6≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30975 [HIGH] CWE-863 CVE-2021-30975: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. T
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.
nvd
CVE-2021-30980HIGHCVSS 7.8≥ 10.15, < 10.15.7v10.15.72021-08-24
CVE-2021-30980 [HIGH] CWE-416 CVE-2021-30980: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.
nvd