Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs
3,139
CISA KEV
26
actively exploited
Public exploits
277
Exploited in wild
28
Severity breakdown
CRITICAL302HIGH1409MEDIUM1236LOW192
Vulnerabilities
Page 36 of 157
CVE-2020-3906HIGHCVSS 7.8fixed in 10.15.42020-04-01
CVE-2020-3906 [HIGH] CVE-2020-3906: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement.
nvd
CVE-2020-3881MEDIUMCVSS 5.5fixed in 10.15.42020-04-01
CVE-2020-3881 [MEDIUM] CVE-2020-3881: A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.
nvd
CVE-2020-3884MEDIUMCVSS 6.1fixed in 10.15.42020-04-01
CVE-2020-3884 [MEDIUM] CWE-20 CVE-2020-3884: An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.
An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.
nvd
CVE-2020-9775MEDIUMCVSS 5.3≥ 10.15, < 10.15.42020-04-01
CVE-2020-9775 [MEDIUM] CWE-665 CVE-2020-9775: An issue existed in the handling of tabs displaying picture in picture video. The issue was correcte
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.
nvd
CVE-2020-3914MEDIUMCVSS 5.5fixed in 10.15.42020-04-01
CVE-2020-3914 [MEDIUM] CWE-401 CVE-2020-3914: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.
nvd
CVE-2020-3889MEDIUMCVSS 5.5fixed in 10.15.42020-04-01
CVE-2020-3889 [MEDIUM] CVE-2020-3889: A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.
nvd
CVE-2020-9776LOWCVSS 3.3fixed in 10.15.42020-04-01
CVE-2020-9776 [LOW] CVE-2020-9776: This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A ma
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.
nvd
CVE-2019-8741HIGHCVSS 7.5fixed in 10.152020-02-28
CVE-2019-8741 [HIGH] CWE-835 CVE-2019-8741: A denial of service issue was addressed with improved input validation.
A denial of service issue was addressed with improved input validation.
nvd
CVE-2020-3853HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3853 [HIGH] CWE-843 CVE-2020-3853: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-3842HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3842 [HIGH] CWE-787 CVE-2020-3842: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-3857HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3857 [HIGH] CWE-787 CVE-2020-3857: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-3878HIGHCVSS 7.8≥ 10.13, < 10.13.6≥ 10.14, < 10.14.6+3 more2020-02-27
CVE-2020-3878 [HIGH] CWE-125 CVE-2020-3878: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-3837HIGHCVSS 7.8KEVPoCfixed in 10.15.32020-02-27
CVE-2020-3837 [HIGH] CWE-787 CVE-2020-3837: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-3854HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3854 [HIGH] CWE-787 CVE-2020-3854: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-3870HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3870 [HIGH] CWE-125 CVE-2020-3870: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-3838HIGHCVSS 7.8fixed in 10.14.6≥ 10.15, < 10.15.3+1 more2020-02-27
CVE-2020-3838 [HIGH] CWE-276 CVE-2020-3838: The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadO
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-3877HIGHCVSS 7.5fixed in 10.15.32020-02-27
CVE-2020-3877 [HIGH] CWE-125 CVE-2020-3877: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
nvd
CVE-2020-3856HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3856 [HIGH] CWE-20 CVE-2020-3856: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption.
nvd
CVE-2020-3840HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3840 [HIGH] CWE-119 CVE-2020-3840: An off by one issue existed in the handling of racoon configuration files. This issue was addressed
An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.
nvd
CVE-2020-3827HIGHCVSS 7.8fixed in 10.15.32020-02-27
CVE-2020-3827 [HIGH] CWE-787 CVE-2020-3827: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.
nvd