Apple macOS vulnerabilities
3,135 known vulnerabilities affecting apple/macos.
Total CVEs
3,135
CISA KEV
75
actively exploited
Public exploits
44
Exploited in wild
61
Severity breakdown
CRITICAL203HIGH1362MEDIUM1421LOW149
Vulnerabilities
Page 67 of 157
CVE-2023-38607MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-38607 [MEDIUM] CVE-2023-38607: The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings.
nvd
CVE-2023-41987MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-41987 [MEDIUM] CWE-200 CVE-2023-41987: This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
nvd
CVE-2022-46710MEDIUMCVSS 5.5fixed in 13.1≥ unspecified, < 13.12024-01-10
CVE-2022-46710 [MEDIUM] CWE-841 CVE-2022-46710: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, m
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.
nvd
CVE-2023-40437MEDIUMCVSS 5.5fixed in 13.5≥ unspecified, < 13.52024-01-10
CVE-2023-40437 [MEDIUM] CVE-2023-40437: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
nvd
CVE-2023-42865MEDIUMCVSS 6.5fixed in 13.3≥ unspecified, < 13.32024-01-10
CVE-2023-42865 [MEDIUM] CWE-125 CVE-2023-42865: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
nvd
CVE-2023-40411MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-40411 [MEDIUM] CWE-200 CVE-2023-40411: This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An a
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.
nvd
CVE-2022-48504MEDIUMCVSS 5.5fixed in 13.0≥ unspecified, < 132024-01-10
CVE-2022-48504 [MEDIUM] CVE-2022-48504: The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. A
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
nvd
CVE-2023-42862MEDIUMCVSS 6.5≥ 13.0, < 13.3≥ unspecified, < 13.32024-01-10
CVE-2023-42862 [MEDIUM] CWE-125 CVE-2023-42862: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
nvd
CVE-2022-32931MEDIUMCVSS 5.5fixed in 13.0≥ unspecified, < 132024-01-10
CVE-2022-32931 [MEDIUM] CWE-200 CVE-2022-32931: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.
nvd
CVE-2022-42816MEDIUMCVSS 5.5fixed in 13.0≥ unspecified, < 132024-01-10
CVE-2022-42816 [MEDIUM] CWE-284 CVE-2022-42816: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
nvd
CVE-2023-42831MEDIUMCVSS 5.5≥ 11.0, < 11.7.9≥ 12.0.0, < 12.6.8+4 more2024-01-10
CVE-2023-42831 [MEDIUM] CVE-2023-42831: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.
nvd
CVE-2023-42872MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-42872 [MEDIUM] CVE-2023-42872: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14,
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.
nvd
CVE-2023-40430MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-40430 [MEDIUM] CWE-285 CVE-2023-40430: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent.
nvd
CVE-2023-28185MEDIUMCVSS 5.5≥ 11.0, < 11.7.5≥ 12.0.0, < 12.6.4+2 more2024-01-10
CVE-2023-28185 [MEDIUM] CWE-190 CVE-2023-28185: An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.
nvd
CVE-2023-40385MEDIUMCVSS 6.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-40385 [MEDIUM] CWE-200 CVE-2023-40385: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Sa
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
nvd
CVE-2023-42829MEDIUMCVSS 5.5≥ 11.0, < 11.7.9≥ 12.0.0, < 12.6.8+4 more2024-01-10
CVE-2023-42829 [MEDIUM] CWE-200 CVE-2023-42829: The issue was addressed with additional restrictions on the observability of app states. This issue
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
nvd
CVE-2023-42929MEDIUMCVSS 5.5fixed in 14.0≥ unspecified, < 142024-01-10
CVE-2023-42929 [MEDIUM] CVE-2023-42929: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data.
nvd
CVE-2022-32919MEDIUMCVSS 4.7fixed in 13.1≥ unspecified, < 13.12024-01-10
CVE-2022-32919 [MEDIUM] CWE-1021 CVE-2022-32919: The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2,
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
nvd
CVE-2022-48577MEDIUMCVSS 5.5fixed in 13.0≥ unspecified, < 132024-01-10
CVE-2022-48577 [MEDIUM] CVE-2022-48577: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventur
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
nvd
CVE-2023-40439LOWCVSS 3.3fixed in 13.5≥ unspecified, < 13.52024-01-10
CVE-2023-40439 [LOW] CWE-22 CVE-2023-40439: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
nvd