Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs

3,139

CISA KEV

actively exploited

Public exploits

277

Exploited in wild

Severity breakdown

CRITICAL302HIGH1409MEDIUM1236LOW192

Vulnerabilities

Page 57 of 157

CVE-2018-4089HIGHCVSS 8.8PoCfixed in 10.13.32018-04-03

CVE-2018-4089 [HIGH] CWE-119 CVE-2018-4089: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a

nvd

CVE-2017-7002HIGHCVSS 8.8fixed in 10.12.52018-04-03

CVE-2017-7002 [HIGH] CWE-119 CVE-2017-7002: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

nvd

CVE-2017-7000HIGHCVSS 8.8fixed in 10.12.52018-04-03

CVE-2017-7000 [HIGH] CWE-119 CVE-2017-7000: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

nvd

CVE-2018-4150HIGHCVSS 7.8fixed in 10.13.42018-04-03

CVE-2018-4150 [HIGH] CWE-119 CVE-2018-4150: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app

nvd

CVE-2017-13854HIGHCVSS 7.8fixed in 10.13.02018-04-03

CVE-2017-13854 [HIGH] CWE-119 CVE-2017-13854: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2018-4085HIGHCVSS 8.8fixed in 10.13.32018-04-03

CVE-2018-4085 [HIGH] CWE-119 CVE-2018-4085: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) vi

nvd

CVE-2017-7001HIGHCVSS 8.8fixed in 10.12.52018-04-03

CVE-2017-7001 [HIGH] CWE-119 CVE-2017-7001: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

nvd

CVE-2018-4135HIGHCVSS 7.8fixed in 10.13.42018-04-03

CVE-2018-4135 [HIGH] CWE-119 CVE-2018-4135: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2018-4170HIGHCVSS 7.8fixed in 10.13.42018-04-03

CVE-2018-4170 [HIGH] CWE-522 CVE-2018-4170: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.

nvd

CVE-2018-4097HIGHCVSS 7.8fixed in 10.13.32018-04-03

CVE-2018-4097 [HIGH] CWE-20 CVE-2018-4097: An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2018-4098HIGHCVSS 7.8fixed in 10.13.32018-04-03

CVE-2018-4098 [HIGH] CWE-119 CVE-2018-4098: An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2018-4106HIGHCVSS 8.8fixed in 10.13.42018-04-03

CVE-2018-4106 [HIGH] CWE-74 CVE-2018-4106: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content.

nvd

CVE-2018-4096HIGHCVSS 8.8fixed in 10.13.32018-04-03

CVE-2018-4096 [HIGH] CWE-119 CVE-2018-4096: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows

nvd

CVE-2018-4094HIGHCVSS 7.8fixed in 10.13.32018-04-03

CVE-2018-4094 [HIGH] CWE-119 CVE-2018-4094: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a c

nvd

CVE-2017-13827HIGHCVSS 7.8v10.13.02018-04-03

CVE-2017-13827 [HIGH] CVE-2017-13827: An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involve An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.

nvd

CVE-2018-4151HIGHCVSS 7.0fixed in 10.13.42018-04-03

CVE-2018-4151 [HIGH] CWE-362 CVE-2018-4151: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2017-13851MEDIUMCVSS 5.5v10.13.02018-04-03

CVE-2017-13851 [MEDIUM] CVE-2017-13851: An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involve An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.

nvd

CVE-2018-4084MEDIUMCVSS 5.5fixed in 10.13.32018-04-03

CVE-2018-4084 [MEDIUM] CWE-200 CVE-2018-4084: An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Wi-Fi" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2018-4090MEDIUMCVSS 5.5PoCfixed in 10.13.32018-04-03

CVE-2018-4090 [MEDIUM] CWE-200 CVE-2018-4090: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2018-4112MEDIUMCVSS 5.5fixed in 10.13.42018-04-03

CVE-2018-4112 [MEDIUM] CWE-59 CVE-2018-4112: An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.

nvd

← Previous57 / 157Next →