Apple macOS vulnerabilities
3,180 known vulnerabilities affecting apple/macos.
Total CVEs
3,180
CISA KEV
75
actively exploited
Public exploits
44
Exploited in wild
61
Severity breakdown
CRITICAL211HIGH1380MEDIUM1439LOW150
Vulnerabilities
Page 18 of 159
CVE-2025-43358HIGHCVSS 8.8≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43358 [HIGH] CWE-862 CVE-2025-43358: A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 1
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions.
cvelistv5nvd
CVE-2025-24088HIGHCVSS 7.5fixed in 26.0fixed in 262025-09-15
CVE-2025-24088 [HIGH] CWE-284 CVE-2025-24088: The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app ma
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
cvelistv5nvd
CVE-2025-43298HIGHCVSS 7.8≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43298 [HIGH] CWE-41 CVE-2025-43298: A parsing issue in the handling of directory paths was addressed with improved path validation. This
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
cvelistv5nvd
CVE-2025-43333HIGHCVSS 7.8fixed in 26.0fixed in 262025-09-15
CVE-2025-43333 [HIGH] CWE-269 CVE-2025-43333: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.
cvelistv5nvd
CVE-2025-43304HIGHCVSS 7.0≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43304 [HIGH] CWE-362 CVE-2025-43304: A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
cvelistv5nvd
CVE-2025-43330HIGHCVSS 8.2fixed in 15.7fixed in 262025-09-15
CVE-2025-43330 [HIGH] CWE-693 CVE-2025-43330: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7,
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox.
cvelistv5nvd
CVE-2025-31271HIGHCVSS 7.5fixed in 26.0fixed in 262025-09-15
CVE-2025-31271 [HIGH] CWE-287 CVE-2025-31271: This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. I
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen.
cvelistv5nvd
CVE-2025-43341HIGHCVSS 7.8≥ 14.0, < 14.8≥ 15.0, < 26.0+2 more2025-09-15
CVE-2025-43341 [HIGH] CWE-862 CVE-2025-43341: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
cvelistv5nvd
CVE-2025-43316HIGHCVSS 7.8fixed in 26.0fixed in 262025-09-15
CVE-2025-43316 [HIGH] CWE-862 CVE-2025-43316: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges.
cvelistv5nvd
CVE-2025-43297MEDIUMCVSS 6.2fixed in 26.0fixed in 262025-09-15
CVE-2025-43297 [MEDIUM] CWE-843 CVE-2025-43297: A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tah
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.
cvelistv5nvd
CVE-2025-43315MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43315 [MEDIUM] CWE-284 CVE-2025-43315: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7,
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access user-sensitive data.
cvelistv5nvd
CVE-2025-43354MEDIUMCVSS 5.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43354 [MEDIUM] CWE-532 CVE-2025-43354: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-43272MEDIUMCVSS 6.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43272 [MEDIUM] CWE-119 CVE-2025-43272: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-43318MEDIUMCVSS 6.2fixed in 26.0fixed in 262025-09-15
CVE-2025-43318 [MEDIUM] CWE-862 CVE-2025-43318: This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26.
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information.
cvelistv5nvd
CVE-2025-31268MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-31268 [MEDIUM] CWE-284 CVE-2025-31268: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-43367MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 26.0+2 more2025-09-15
CVE-2025-43367 [MEDIUM] CWE-200 CVE-2025-43367: A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, ma
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-43310MEDIUMCVSS 4.4≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43310 [MEDIUM] CWE-359 CVE-2025-43310: A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequo
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard.
cvelistv5nvd
CVE-2025-43293MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43293 [MEDIUM] CWE-20 CVE-2025-43293: The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7, m
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-43369MEDIUMCVSS 5.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43369 [MEDIUM] CWE-284 CVE-2025-43369: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-24197MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-24197 [MEDIUM] CWE-284 CVE-2025-24197: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS S
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
cvelistv5nvd