Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs
3,139
CISA KEV
26
actively exploited
Public exploits
277
Exploited in wild
28
Severity breakdown
CRITICAL302HIGH1409MEDIUM1236LOW192
Vulnerabilities
Page 69 of 157
CVE-2017-2443HIGHCVSS 7.8PoC≤ 10.12.32017-04-02
CVE-2017-2443 [HIGH] CWE-119 CVE-2017-2443: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2462HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2462 [HIGH] CWE-119 CVE-2017-2462: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted
nvd
CVE-2017-2473HIGHCVSS 7.8PoC≤ 10.12.32017-04-02
CVE-2017-2473 [HIGH] CWE-119 CVE-2017-2473: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app
nvd
CVE-2017-2413HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2413 [HIGH] CWE-119 CVE-2017-2413: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file.
nvd
CVE-2017-2449HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2449 [HIGH] CWE-416 CVE-2017-2449: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2017-2436HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2436 [HIGH] CWE-119 CVE-2017-2436: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2409HIGHCVSS 7.1≤ 10.12.32017-04-02
CVE-2017-2409 [HIGH] CWE-125 CVE-2017-2409: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.
nvd
CVE-2017-2420HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2420 [HIGH] CWE-119 CVE-2017-2420: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2427HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2427 [HIGH] CWE-119 CVE-2017-2427: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2437HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2437 [HIGH] CWE-119 CVE-2017-2437: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2017-2416HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2416 [HIGH] CWE-119 CVE-2017-2416: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft
nvd
CVE-2017-2482HIGHCVSS 7.8PoC≤ 10.12.32017-04-02
CVE-2017-2482 [HIGH] CWE-119 CVE-2017-2482: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2017-2467HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2467 [HIGH] CWE-119 CVE-2017-2467: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft
nvd
CVE-2017-2403HIGHCVSS 8.8≤ 10.12.32017-04-02
CVE-2017-2403 [HIGH] CWE-134 CVE-2017-2403: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.
nvd
CVE-2017-2438HIGHCVSS 7.8≤ 10.12.32017-04-02
CVE-2017-2438 [HIGH] CWE-416 CVE-2017-2438: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleRAID" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2017-2448MEDIUMCVSS 5.9≤ 10.12.32017-04-02
CVE-2017-2448 [MEDIUM] CWE-200 CVE-2017-2448: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
nvd
CVE-2017-2418MEDIUMCVSS 6.5≤ 10.12.32017-04-02
CVE-2017-2418 [MEDIUM] CWE-200 CVE-2017-2418: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.
nvd
CVE-2017-2489MEDIUMCVSS 5.5PoC≤ 10.12.32017-04-02
CVE-2017-2489 [MEDIUM] CWE-200 CVE-2017-2489: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd
CVE-2017-2417MEDIUMCVSS 5.5≤ 10.12.32017-04-02
CVE-2017-2417 [MEDIUM] CWE-835 CVE-2017-2417: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image.
nvd
CVE-2017-6974MEDIUMCVSS 5.5v10.12.32017-04-02
CVE-2017-6974 [MEDIUM] CWE-20 CVE-2017-6974: An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue invol
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.
nvd