Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2016-7585 [MEDIUM] | CVSS 6.8 | CWE-310 | ≤ 10.12.3 | 2017-04-02
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.
nvd
CVE-2017-2390 [MEDIUM] | CVSS 5.5 | CWE-59 | ≤ 10.12.3 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
nvd
CVE-2017-2388 [MEDIUM] | CVSS 5.5 | CWE-476 | PoC | ≤ 10.12.3 | 2017-04-02
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2017-2426 [LOW] | CVSS 3.3 | CWE-200 | ≤ 10.12.3 | 2017-04-02
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.
nvd
CVE-2017-6458 [HIGH] | CVSS 8.8 | CWE-119 | ≥ 10.8.0, < 10.13 | 2017-03-27
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
nvd
CVE-2016-7663 [CRITICAL] | CVSS 9.8 | CWE-119 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
nvd
CVE-2016-4780 [HIGH] | CVSS 7.8 | CWE-476 | ≤ 10.12.0 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-7742 [HIGH] | CVSS 7.8 | CWE-20 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
nvd
CVE-2016-4673 [HIGH] | CVSS 7.8 | CWE-119 | fixed in 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via
nvd
CVE-2016-7658 [HIGH] | CVSS 8.8 | CWE-119 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
nvd
CVE-2017-2353 [HIGH] | CVSS 7.8 | CWE-416 | PoC | ≤ 10.12.2 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2016-4674 [HIGH] | CVSS 7.8 | CWE-119 | ≤ 10.12.0 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
nvd
CVE-2016-7662 [HIGH] | CVSS 7.5 | CWE-295 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
nvd
CVE-2016-7629 [HIGH] | CVSS 7.8 | CWE-119 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4691 [HIGH] | CVSS 8.8 | CWE-119 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
nvd
CVE-2016-7622 [HIGH] | CVSS 7.8 | CWE-119 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.
nvd
CVE-2016-7612 [HIGH] | CVSS 7.8 | CWE-119 | PoC | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2370 [HIGH] | CVSS 7.8 | CWE-119 | PoC | fixed in 10.12.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted
nvd
CVE-2016-7584 [HIGH] | CVSS 7.8 | CWE-254 | ≤ 10.12.0 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
nvd
CVE-2016-7667 [HIGH] | CVSS 7.5 | CWE-20 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
nvd