Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs

3,139

CISA KEV

actively exploited

Public exploits

277

Exploited in wild

Severity breakdown

CRITICAL302HIGH1409MEDIUM1236LOW192

Vulnerabilities

Page 55 of 157

CVE-2018-4253MEDIUMCVSS 5.5fixed in 10.13.52018-06-08

CVE-2018-4253 [MEDIUM] CWE-125 CVE-2018-4253: An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.

nvd

CVE-2018-12015HIGHCVSS 7.5fixed in 10.14.42018-06-07

CVE-2018-12015 [HIGH] CWE-59 CVE-2018-12015: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traver In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

nvd

CVE-2018-8897HIGHCVSS 7.8PoCfixed in 10.13.42018-05-08

CVE-2018-8897 [HIGH] CWE-362 CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Develop A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS

nvd

CVE-2018-4173MEDIUMCVSS 5.5fixed in 10.13.42018-04-13

CVE-2018-4173 [MEDIUM] CWE-269 CVE-2018-4173: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

nvd

CVE-2018-4115CRITICALCVSS 9.8fixed in 10.13.42018-04-03

CVE-2018-4115 [CRITICAL] CWE-281 CVE-2018-4115: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profil

nvd

CVE-2018-4108CRITICALCVSS 9.8fixed in 10.13.42018-04-03

CVE-2018-4108 [CRITICAL] CWE-20 CVE-2018-4108: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.

nvd

CVE-2018-4091CRITICALCVSS 10.0fixed in 10.13.32018-04-03

CVE-2018-4091 [CRITICAL] CVE-2018-4091: An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.

nvd

CVE-2018-4124CRITICALCVSS 9.8fixed in 10.13.32018-04-03

CVE-2018-4124 [CRITICAL] CWE-119 CVE-2018-4124: An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly

nvd

CVE-2018-4105CRITICALCVSS 9.8fixed in 10.13.42018-04-03

CVE-2018-4105 [CRITICAL] CWE-20 CVE-2018-4105: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.

nvd

CVE-2018-4082HIGHCVSS 7.8fixed in 10.13.32018-04-03

CVE-2018-4082 [HIGH] CWE-119 CVE-2018-4082: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft

nvd

CVE-2018-4152HIGHCVSS 7.0fixed in 10.13.42018-04-03

CVE-2018-4152 [HIGH] CWE-362 CVE-2018-4152: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2017-7171HIGHCVSS 7.8fixed in 10.13.22018-04-03

CVE-2017-7171 [HIGH] CWE-119 CVE-2017-7171: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craf

nvd

CVE-2018-4157HIGHCVSS 7.0fixed in 10.13.42018-04-03

CVE-2018-4157 [HIGH] CWE-362 CVE-2018-4157: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2018-4156HIGHCVSS 7.0fixed in 10.13.42018-04-03

CVE-2018-4156 [HIGH] CWE-362 CVE-2018-4156: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2018-4136HIGHCVSS 7.8fixed in 10.13.42018-04-03

CVE-2018-4136 [HIGH] CWE-125 CVE-2018-4136: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.

nvd

CVE-2017-7172HIGHCVSS 7.8fixed in 10.13.22018-04-03

CVE-2017-7172 [HIGH] CWE-119 CVE-2017-7172: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitra

nvd

CVE-2017-7065HIGHCVSS 8.8fixed in 10.12.62018-04-03

CVE-2017-7065 [HIGH] CWE-119 CVE-2017-7065: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.

nvd

CVE-2018-4132HIGHCVSS 7.8fixed in 10.13.42018-04-03

CVE-2018-4132 [HIGH] CWE-119 CVE-2018-4132: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2018-4083HIGHCVSS 7.8PoCfixed in 10.13.32018-04-03

CVE-2018-4083 [HIGH] CWE-119 CVE-2018-4083: An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-7004HIGHCVSS 7.0PoCfixed in 10.12.52018-04-03

CVE-2017-7004 [HIGH] CWE-362 CVE-2017-7004: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.

nvd

← Previous55 / 157Next →