Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs

3,139

CISA KEV

actively exploited

Public exploits

277

Exploited in wild

Severity breakdown

CRITICAL302HIGH1409MEDIUM1236LOW192

Vulnerabilities

Page 66 of 157

CVE-2017-2542HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-2542 [HIGH] CWE-119 CVE-2017-2542: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-2546HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-2546 [HIGH] CWE-119 CVE-2017-2546: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-2501HIGHCVSS 7.0PoCfixed in 10.12.52017-05-22

CVE-2017-2501 [HIGH] CWE-362 CVE-2017-2501: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2017-2543HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-2543 [HIGH] CWE-119 CVE-2017-2543: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-6979HIGHCVSS 7.0PoC≤ 10.12.42017-05-22

CVE-2017-6979 [HIGH] CWE-362 CVE-2017-6979: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2017-2545HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-2545 [HIGH] CWE-119 CVE-2017-2545: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-2533HIGHCVSS 7.0PoC≤ 10.12.42017-05-22

CVE-2017-2533 [HIGH] CWE-362 CVE-2017-2533: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2017-6985HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-6985 [HIGH] CWE-119 CVE-2017-6985: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-6977HIGHCVSS 8.6≤ 10.12.42017-05-22

CVE-2017-6977 [HIGH] CWE-119 CVE-2017-6977: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-6978HIGHCVSS 7.8PoC≤ 10.12.42017-05-22

CVE-2017-6978 [HIGH] CWE-119 CVE-2017-6978: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-2494HIGHCVSS 7.8≤ 10.12.42017-05-22

CVE-2017-2494 [HIGH] CWE-119 CVE-2017-2494: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-2534HIGHCVSS 8.6≤ 10.12.42017-05-22

CVE-2017-2534 [HIGH] CVE-2017-2534: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.

nvd

CVE-2017-6990MEDIUMCVSS 5.5≤ 10.12.42017-05-22

CVE-2017-6990 [MEDIUM] CVE-2017-6990: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-6987MEDIUMCVSS 5.5≤ 10.12.42017-05-22

CVE-2017-6987 [MEDIUM] CWE-200 CVE-2017-6987: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-2502MEDIUMCVSS 5.5fixed in 10.12.52017-05-22

CVE-2017-2502 [MEDIUM] CVE-2017-2502: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-2497MEDIUMCVSS 6.1≤ 10.12.42017-05-22

CVE-2017-2497 [MEDIUM] CWE-601 CVE-2017-2497: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.

nvd

CVE-2017-2516MEDIUMCVSS 5.0PoC≤ 10.12.42017-05-22

CVE-2017-2516 [MEDIUM] CVE-2017-2516: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-6988MEDIUMCVSS 5.9≤ 10.12.42017-05-22

CVE-2017-6988 [MEDIUM] CWE-295 CVE-2017-6988: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.

nvd

CVE-2017-2540MEDIUMCVSS 5.5≤ 10.12.42017-05-22

CVE-2017-2540 [MEDIUM] CWE-20 CVE-2017-2540: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

CVE-2017-2509MEDIUMCVSS 5.5PoC≤ 10.12.42017-05-22

CVE-2017-2509 [MEDIUM] CVE-2017-2509: An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue invol An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

nvd

← Previous66 / 157Next →