Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2016-1743 | HIGH | CVSS 7.8 | CWE-119 | PoC | ≤ 10.11.3 | 2016-03-24
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
nvd
CVE-2016-1733 | HIGH | CVSS 7.8 | CWE-20 | ≤ 10.11.3 | 2016-03-24
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1740 | HIGH | CVSS 7.8 | CWE-119 | fixed in 10.11.4 | 2016-03-24
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
nvd
CVE-2016-1738 | HIGH | CVSS 7.8 | CWE-254 | ≤ 10.11.3 | 2016-03-24
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.
nvd
CVE-2016-1747 | HIGH | CVSS 7.8 | ≤ 10.11.3 | 2016-03-24
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
nvd
CVE-2016-1757 | HIGH | CVSS 7.0 | CWE-362 | PoC | ≤ 10.11.3 | 2016-03-24
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1736 | HIGH | CVSS 7.8 | ≤ 10.11.3 | 2016-03-24
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
nvd
CVE-2016-1756 | HIGH | CVSS 7.8 | ≤ 10.11.3 | 2016-03-24
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1767 | HIGH | CVSS 7.8 | CWE-119 | PoC | ≤ 10.11.3 | 2016-03-24
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
nvd
CVE-2016-1775 | HIGH | CVSS 7.8 | CWE-119 | fixed in 10.11.4 | 2016-03-24
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2016-1769 | HIGH | CVSS 7.8 | CWE-119 | PoC | ≤ 10.11.3 | 2016-03-24
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
nvd
CVE-2016-1759 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.3 | 2016-03-24
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1788 | MEDIUM | CVSS 5.9 | CWE-310 | ≤ 10.11.3 | 2016-03-24
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
nvd
CVE-2016-1770 | MEDIUM | CVSS 6.5 | CWE-284 | ≤ 10.11.3 | 2016-03-24
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
nvd
CVE-2016-1764 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 10.11.3 | 2016-03-24
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
nvd
CVE-2016-1745 | MEDIUM | CVSS 5.5 | ≤ 10.11.3 | 2016-03-24
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2016-1737 | MEDIUM | CVSS 6.3 | CWE-119 | ≤ 10.11.3 | 2016-03-24
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
nvd
CVE-2016-1734 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.3 | 2016-03-24
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
nvd
CVE-2016-1732 | MEDIUM | CVSS 5.5 | CWE-119 | ≤ 10.11.3 | 2016-03-24
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2016-1752 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 10.11.4 | 2016-03-24
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
nvd