Apple macOS vulnerabilities
3,180 known vulnerabilities affecting apple/macos.
Total CVEs
3,180
CISA KEV
75
actively exploited
Public exploits
44
Exploited in wild
61
Severity breakdown
CRITICAL211HIGH1380MEDIUM1439LOW150
Vulnerabilities
Page 19 of 159
CVE-2025-43356MEDIUMCVSS 6.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43356 [MEDIUM] CWE-200 CVE-2025-43356: The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.
cvelistv5nvd
CVE-2025-43327MEDIUMCVSS 6.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43327 [MEDIUM] CWE-451 CVE-2025-43327: The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.
cvelistv5nvd
CVE-2025-43307MEDIUMCVSS 4.0fixed in 26.0fixed in 262025-09-15
CVE-2025-43307 [MEDIUM] CWE-863 CVE-2025-43307: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-43279MEDIUMCVSS 6.2fixed in 26.0fixed in 262025-09-15
CVE-2025-43279 [MEDIUM] CWE-359 CVE-2025-43279: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
cvelistv5nvd
CVE-2025-43231MEDIUMCVSS 5.5fixed in 14.82025-09-15
CVE-2025-43231 [MEDIUM] CWE-285 CVE-2025-43231: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app m
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
cvelistv5nvd
CVE-2025-43262MEDIUMCVSS 5.1fixed in 26.0fixed in 262025-09-15
CVE-2025-43262 [MEDIUM] CWE-358 CVE-2025-43262: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.
cvelistv5nvd
CVE-2025-43355MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43355 [MEDIUM] CWE-843 CVE-2025-43355: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause a denial-of-service.
cvelistv5nvd
CVE-2025-43208MEDIUMCVSS 5.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43208 [MEDIUM] CWE-284 CVE-2025-43208: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information.
cvelistv5nvd
CVE-2025-31269MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 26.0+2 more2025-09-15
CVE-2025-31269 [MEDIUM] CWE-284 CVE-2025-31269: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-43299MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43299 [MEDIUM] CWE-20 CVE-2025-43299: A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 an
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
cvelistv5nvd
CVE-2025-43190MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43190 [MEDIUM] CWE-22 CVE-2025-43190: A parsing issue in the handling of directory paths was addressed with improved path validation. This
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-43311MEDIUMCVSS 5.1≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43311 [MEDIUM] CWE-862 CVE-2025-43311: This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-43295MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43295 [MEDIUM] CWE-400 CVE-2025-43295: A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 an
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
cvelistv5nvd
CVE-2025-43319MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43319 [MEDIUM] CWE-284 CVE-2025-43319: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7,
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
cvelistv5nvd
CVE-2025-43292MEDIUMCVSS 5.5≥ 15.0, < 15.7fixed in 15.7+2 more2025-09-15
CVE-2025-43292 [MEDIUM] CWE-362 CVE-2025-43292: A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-43366MEDIUMCVSS 5.5fixed in 26.0fixed in 262025-09-15
CVE-2025-43366 [MEDIUM] CWE-125 CVE-2025-43366: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Taho
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
cvelistv5nvd
CVE-2025-43312MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43312 [MEDIUM] CWE-120 CVE-2025-43312: A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination.
cvelistv5nvd
CVE-2025-43353MEDIUMCVSS 5.5≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43353 [MEDIUM] CWE-787 CVE-2025-43353: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macO
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
cvelistv5nvd
CVE-2025-43368MEDIUMCVSS 4.3fixed in 26.0fixed in 262025-09-15
CVE-2025-43368 [MEDIUM] CWE-416 CVE-2025-43368: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-43308MEDIUMCVSS 5.3≥ 14.0, < 14.8≥ 15.0, < 15.7+3 more2025-09-15
CVE-2025-43308 [MEDIUM] CWE-284 CVE-2025-43308: This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
cvelistv5nvd