Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 54 of 157
CVE-2018-4184 | HIGH | CVSS 7.5 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
nvd
CVE-2018-4227 | HIGH | CVSS 7.5 | CWE-319 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
nvd
CVE-2018-4211 | HIGH | CVSS 7.8 | CWE-119 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a
nvd
CVE-2018-4230 | HIGH | CVSS 7.0 | CWE-362 | PoC | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
nvd
CVE-2018-4193 | HIGH | CVSS 7.8 | CWE-119 | PoC | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2018-4237 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
nvd
CVE-2018-4249 | HIGH | CVSS 7.8 | CWE-190 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause
nvd
CVE-2018-4202 | MEDIUM | CVSS 5.9 | CWE-20 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
nvd
CVE-2018-4224 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended re
nvd
CVE-2018-4198 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.
nvd
CVE-2018-4223 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.
nvd
CVE-2018-4226 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of s
nvd
CVE-2018-4235 | MEDIUM | CVSS 5.5 | CWE-74 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.
nvd
CVE-2018-4225 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state mo
nvd
CVE-2018-4187 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.13.4 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
nvd
CVE-2018-4240 | MEDIUM | CVSS 6.5 | CWE-20 | PoC | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
nvd
CVE-2018-4171 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.
nvd
CVE-2018-4141 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4251 | MEDIUM | CVSS 5.5 | CWE-732 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region via a crafted app that has root access.
nvd
CVE-2018-4159 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.13.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd