Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2019-8774 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 10.15 | 2020-10-27
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.
nvd
CVE-2018-4468 | MEDIUM | CVSS 5.5 | ≥ 10.14, < 10.14.1 | 2020-10-27
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files.
nvd
CVE-2019-8761 | MEDIUM | CVSS 5.5 | fixed in 10.15 | 2020-10-27
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.
nvd
CVE-2019-8853 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 10.15.4 | 2020-10-27
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.
nvd
CVE-2019-8839 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 10.15.2 | 2020-10-27
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack.
nvd
CVE-2019-8737 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.15.1 | 2020-10-27
A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.
nvd
CVE-2019-8754 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 10.15.1 | 2020-10-27
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.
nvd
CVE-2018-4390 | MEDIUM | CVSS 5.5 | ≥ 10.13, < 10.13.1 | 2020-10-27
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
nvd
CVE-2018-4391 | MEDIUM | CVSS 5.5 | ≥ 10.13, < 10.13.1 | 2020-10-27
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
nvd
CVE-2019-8855 | MEDIUM | CVSS 6.3 | fixed in 10.15 | 2020-10-27
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files.
nvd
CVE-2019-8753 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 10.15 | 2020-10-27
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd
CVE-2019-8796 | MEDIUM | CVSS 5.3 | fixed in 10.15.1 | 2020-10-27
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.
nvd
CVE-2019-8656 | MEDIUM | CVSS 5.5 | fixed in 10.14.6 | 2020-10-27
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.
nvd
CVE-2019-8569 | MEDIUM | CVSS 6.7 | CWE-787 | fixed in 10.14.5 | 2020-10-27
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privilege
nvd
CVE-2019-8708 | MEDIUM | CVSS 5.5 | fixed in 10.15 | 2020-10-27
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.
nvd
CVE-2019-8858 | MEDIUM | CVSS 5.3 | fixed in 10.15.1 | 2020-10-27
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
nvd
CVE-2019-8834 | MEDIUM | CVSS 4.3 | fixed in 10.15.2 | 2020-10-27
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position
nvd
CVE-2018-4433 | MEDIUM | CVSS 5.5 | fixed in 10.14.4 | fixed in 10.14 | 2020-10-27
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
nvd
CVE-2019-8736 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.15 | 2020-10-27
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.
nvd
CVE-2019-8850 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 10.15.1 | 2020-10-27
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.
nvd