Apple macOS vulnerabilities
3,135 known vulnerabilities affecting apple/macos.
Total CVEs
3,135
CISA KEV
75
actively exploited
Public exploits
44
Exploited in wild
61
Severity breakdown
CRITICAL203HIGH1362MEDIUM1421LOW149
Vulnerabilities
Page 68 of 157
CVE-2023-42830LOWCVSS 3.3fixed in 13.3≥ unspecified, < 13.32024-01-10
CVE-2023-42830 [LOW] CWE-359 CVE-2023-42830: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
nvd
CVE-2022-42839LOWCVSS 3.3fixed in 13.1≥ unspecified, < 13.12024-01-10
CVE-2022-42839 [LOW] CWE-200 CVE-2022-42839: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.
nvd
CVE-2023-40383LOWCVSS 3.3fixed in 13.3≥ unspecified, < 13.32024-01-10
CVE-2023-40383 [LOW] CWE-22 CVE-2023-40383: A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 1
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.
nvd
CVE-2023-38612LOWCVSS 3.3fixed in 12.7≥ 13.0, < 13.6+3 more2024-01-10
CVE-2023-38612 [LOW] CVE-2023-38612: The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.
nvd
CVE-2023-28197LOWCVSS 3.3fixed in 11.7.5≥ 12.0.0, < 12.6.4+4 more2024-01-10
CVE-2023-28197 [LOW] CWE-284 CVE-2023-28197: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
nvd
CVE-2022-48618HIGHCVSS 7.0KEV≥ 13.0, < 13.1≥ unspecified, < 13.12024-01-09
CVE-2022-48618 [HIGH] CWE-367 CVE-2022-48618: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7
nvd
CVE-2023-42940MEDIUMCVSS 5.7≥ 14.0, < 14.2.1≥ unspecified, < 14.22023-12-19
CVE-2023-42940 [MEDIUM] CWE-200 CVE-2023-42940: A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS
A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.
nvd
CVE-2023-48795MEDIUMCVSS 5.9PoC≥ 14.0, < 14.42023-12-18
CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
nvd
CVE-2023-40446HIGHCVSS 7.8≥ 12.0.0, < 12.7.1≥ unspecified, < 12.72023-12-12
CVE-2023-40446 [HIGH] CVE-2023-40446: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1,
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.
nvd
CVE-2023-42903HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42903 [HIGH] CWE-787 CVE-2023-42903: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42904HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42904 [HIGH] CWE-787 CVE-2023-42904: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42908HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42908 [HIGH] CWE-787 CVE-2023-42908: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42926HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42926 [HIGH] CWE-787 CVE-2023-42926: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42886HIGHCVSS 7.8≥ 12.0.0, < 12.7.2≥ 13.0, < 13.6.3+4 more2023-12-12
CVE-2023-42886 [HIGH] CWE-125 CVE-2023-42886: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42910HIGHCVSS 8.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42910 [HIGH] CWE-787 CVE-2023-42910: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42911HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42911 [HIGH] CWE-787 CVE-2023-42911: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42912HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42912 [HIGH] CWE-787 CVE-2023-42912: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42907HIGHCVSS 7.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42907 [HIGH] CWE-787 CVE-2023-42907: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2023-42899HIGHCVSS 7.8≥ 12.0.0, < 12.7.2≥ 13.0, < 13.6.3+4 more2023-12-12
CVE-2023-42899 [HIGH] CVE-2023-42899: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.
nvd
CVE-2023-42890HIGHCVSS 8.8≥ 14.0, < 14.2≥ unspecified, < 14.22023-12-12
CVE-2023-42890 [HIGH] CWE-94 CVE-2023-42890: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Son
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
nvd