Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 77 of 157
CVE-2016-4647 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
nvd
CVE-2016-4601 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
nvd
CVE-2016-4631 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.11.6 | 2016-07-22
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
nvd
CVE-2016-4600 | HIGH | CVSS 8.8 | ≤ 10.11.5 | 2016-07-22
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
nvd
CVE-2016-4594 | HIGH | CVSS 7.8 | CWE-20 | fixed in 10.11.6 | 2016-07-22
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
nvd
CVE-2016-4626 | HIGH | CVSS 7.8 | CWE-476 | fixed in 10.11.6 | 2016-07-22
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2016-4599 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
nvd
CVE-2016-1863 | HIGH | CVSS 7.8 | PoC | CWE-416 | fixed in 10.11.6 | 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
nvd
CVE-2016-4596 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
nvd
CVE-2016-4582 | HIGH | CVSS 7.8 | fixed in 10.11.6 | 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
nvd
CVE-2016-4621 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4640 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4634 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.5 | 2016-07-22
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-4637 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.11.6 | 2016-07-22
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
nvd
CVE-2016-4638 | HIGH | CVSS 7.8 | CWE-264 | ≤ 10.11.5 | 2016-07-22
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
nvd
CVE-2016-4625 | HIGH | CVSS 7.8 | PoC | CWE-416 | ≤ 10.11.5 | 2016-07-22
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
nvd
CVE-2016-4639 | HIGH | CVSS 7.0 | ≤ 10.11.5 | 2016-07-22
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.
nvd
CVE-2016-4641 | HIGH | CVSS 7.3 | CWE-20 | ≤ 10.11.5 | 2016-07-22
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
nvd
CVE-2016-4653 | HIGH | CVSS 7.8 | fixed in 10.11.6 | 2016-07-22
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
nvd
CVE-2016-4602 | HIGH | CVSS 8.8 | ≤ 10.11.5 | 2016-07-22
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
nvd