Apple macOS vulnerabilities

3,135 known vulnerabilities affecting apple/macos.

Total CVEs

3,135

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL203HIGH1362MEDIUM1421LOW149

Vulnerabilities

Page 45 of 157

CVE-2024-44200LOWCVSS 3.3fixed in 15.12024-12-12

CVE-2024-44200 [LOW] CWE-922 CVE-2024-44200: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.

nvd

CVE-2024-44307HIGHCVSS 7.8≥ 14.0, < 14.6fixed in 14.62024-11-20

CVE-2024-44307 [HIGH] CWE-120 CVE-2024-44307: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS So A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.

nvd

CVE-2024-44306HIGHCVSS 7.8≥ 14.0, < 14.6fixed in 14.62024-11-20

CVE-2024-44306 [HIGH] CWE-120 CVE-2024-44306: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS So A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges.

nvd

CVE-2024-44308HIGHCVSS 8.8KEV≥ 15.0, < 15.1.1fixed in 15.1.12024-11-20

CVE-2024-44308 [HIGH] CVE-2024-44308: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac sys

nvd

CVE-2024-44309MEDIUMCVSS 6.3KEV≥ 15.0, < 15.1.1fixed in 15.1.12024-11-20

CVE-2024-44309 [MEDIUM] CWE-79 CVE-2024-44309: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been a

nvd

CVE-2024-44233MEDIUMCVSS 5.5fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-11-01

CVE-2024-44233 [MEDIUM] CWE-120 CVE-2024-44233: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

nvd

CVE-2024-44232MEDIUMCVSS 5.5fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-11-01

CVE-2024-44232 [MEDIUM] CWE-120 CVE-2024-44232: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

nvd

CVE-2024-44234MEDIUMCVSS 5.5fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-11-01

CVE-2024-44234 [MEDIUM] CWE-120 CVE-2024-44234: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

nvd

CVE-2024-44203HIGHCVSS 7.5fixed in 15.0fixed in 152024-10-28

CVE-2024-44203 [HIGH] CVE-2024-44203: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.

nvd

CVE-2024-44289HIGHCVSS 7.5fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44289 [HIGH] CWE-863 CVE-2024-44289: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information.

nvd

CVE-2024-44256HIGHCVSS 8.6≥ 13.0, < 13.7.1≥ 14.0, < 14.7.1+3 more2024-10-28

CVE-2024-44256 [HIGH] CVE-2024-44256: The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.1, The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to break out of its sandbox.

nvd

CVE-2024-44159HIGHCVSS 7.1fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44159 [HIGH] CVE-2024-44159: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileg A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences.

nvd

CVE-2024-44255HIGHCVSS 7.8fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44255 [HIGH] CWE-22 CVE-2024-44255: A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.

nvd

CVE-2024-44122HIGHCVSS 8.8fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44122 [HIGH] CWE-693 CVE-2024-44122: A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An application may be able to break out of its sandbox.

nvd

CVE-2024-44270HIGHCVSS 8.6fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44270 [HIGH] CWE-863 CVE-2024-44270: A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, mac A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A sandboxed process may be able to circumvent sandbox restrictions.

nvd

CVE-2024-44126HIGHCVSS 7.8fixed in 13.7.1≥ 14.0, < 14.7+2 more2024-10-28

CVE-2024-44126 [HIGH] CWE-787 CVE-2024-44126: The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 1 The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption.

nvd

CVE-2024-44156HIGHCVSS 7.1fixed in 13.7.1≥ 14.0, < 14.7.1+2 more2024-10-28

CVE-2024-44156 [HIGH] CWE-862 CVE-2024-44156: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileg A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences.

nvd

CVE-2024-44285HIGHCVSS 7.8fixed in 15.12024-10-28

CVE-2024-44285 [HIGH] CWE-416 CVE-2024-44285: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

nvd

CVE-2024-44277HIGHCVSS 7.8fixed in 15.12024-10-28

CVE-2024-44277 [HIGH] CWE-787 CVE-2024-44277: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

nvd

CVE-2024-44218HIGHCVSS 7.8fixed in 14.7.1fixed in 15.12024-10-28

CVE-2024-44218 [HIGH] CWE-787 CVE-2024-44218: This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption.

nvd

← Previous45 / 157Next →