Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 59 of 157
CVE-2017-7154 | MEDIUM | CVSS 6.6 | PoC | fixed in 10.13.2 | 2017-12-27
CVE-2017-7154 [MEDIUM] CWE-20: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
nvd
CVE-2017-7158 | MEDIUM | CVSS 6.5 | fixed in 10.13.2 | 2017-12-27
CVE-2017-7158 [MEDIUM] CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.
nvd
CVE-2017-13883 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13883 [HIGH] CWE-119: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-13858 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13858 [HIGH] CWE-20: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2017-13878 | HIGH | CVSS 7.1 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13878 [HIGH] CWE-125: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
nvd
CVE-2017-13876 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13876 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13871 | HIGH | CVSS 7.5 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13871 [HIGH]: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
nvd
CVE-2017-13867 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13867 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13875 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13875 [HIGH] CWE-125: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
nvd
CVE-2017-13848 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13848 [HIGH] CWE-20: An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2017-13847 | HIGH | CVSS 7.8 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13847 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-13862 | HIGH | CVSS 7.8 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13862 [HIGH] CWE-119: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13869 | MEDIUM | CVSS 5.5 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13869 [MEDIUM] CWE-200: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2017-13860 | MEDIUM | CVSS 5.9 | fixed in 10.13.2 | 2017-12-25
CVE-2017-13860 [MEDIUM]: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
nvd
CVE-2017-13868 | MEDIUM | CVSS 5.5 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13868 [MEDIUM] CWE-200: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2017-13865 | MEDIUM | CVSS 5.5 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13865 [MEDIUM] CWE-200: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2017-13855 | MEDIUM | CVSS 5.5 | PoC | fixed in 10.13.2 | 2017-12-25
CVE-2017-13855 [MEDIUM] CWE-704: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.
nvd
CVE-2017-13872 | HIGH | CVSS 8.1 | PoC | v10.13.0, v10.13.1 | 2017-11-29
CVE-2017-13872 [HIGH] CWE-287: An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
nvd
CVE-2017-13846 | CRITICAL | CVSS 9.8 | ≤ 10.13.0 | 2017-11-13
CVE-2017-13846 [CRITICAL]: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
nvd
CVE-2017-13815 | CRITICAL | CVSS 9.8 | ≤ 10.13.0 | 2017-11-13
CVE-2017-13815 [CRITICAL]: An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
nvd