Apple macOS vulnerabilities

3,135 known vulnerabilities affecting apple/macos.

Total CVEs

3,135

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL203HIGH1362MEDIUM1421LOW149

Vulnerabilities

Page 84 of 157

CVE-2023-28322LOWCVSS 3.7≥ 11.0, < 11.7.9≥ 12.0, < 12.6.8+1 more2023-05-26

CVE-2023-28322 [LOW] CWE-200 CVE-2023-28322: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surp

nvd

CVE-2023-30774MEDIUMCVSS 5.5fixed in 14.12023-05-19

CVE-2023-30774 [MEDIUM] CWE-119 CVE-2023-30774: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

nvd

CVE-2023-27953CRITICALCVSS 9.8≥ 11.0, < 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27953 [CRITICAL] CWE-787 CVE-2023-27953: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, ma The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

nvd

CVE-2023-28201CRITICALCVSS 9.8≥ 13.0, < 13.3≥ unspecified, < 13.32023-05-08

CVE-2023-28201 [CRITICAL] CWE-362 CVE-2023-28201: This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.

nvd

CVE-2023-23526CRITICALCVSS 9.8fixed in 13.3≥ unspecified, < 13.32023-05-08

CVE-2023-23526 [CRITICAL] CVE-2023-23526: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper.

nvd

CVE-2023-27958CRITICALCVSS 9.1≥ 11.0, < 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27958 [CRITICAL] CWE-770 CVE-2023-27958: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, ma The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

nvd

CVE-2023-27960HIGHCVSS 7.8≥ unspecified, < 10.42023-05-08

CVE-2023-27960 [HIGH] CVE-2023-27960: This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macO This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand.

nvd

CVE-2023-27957HIGHCVSS 7.8≥ 13.0, < 13.3≥ unspecified, < 13.32023-05-08

CVE-2023-27957 [HIGH] CWE-120 CVE-2023-27957: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

nvd

CVE-2023-27944HIGHCVSS 8.6fixed in 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27944 [HIGH] CWE-346 CVE-2023-27944: This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Mo This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox.

nvd

CVE-2023-27946HIGHCVSS 7.8≥ 11.0, < 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27946 [HIGH] CWE-125 CVE-2023-27946: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Vent An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

nvd

CVE-2023-27949HIGHCVSS 7.8≥ 12.0, < 12.6.4≥ 13.0, < 13.3+2 more2023-05-08

CVE-2023-27949 [HIGH] CWE-125 CVE-2023-27949: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

nvd

CVE-2023-23540HIGHCVSS 7.8fixed in 11.7.5≥ 12.0, < 12.6.4+2 more2023-05-08

CVE-2023-23540 [HIGH] CVE-2023-23540: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.

nvd

CVE-2023-27935HIGHCVSS 8.8fixed in 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27935 [HIGH] CWE-120 CVE-2023-27935: The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macO The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution.

nvd

CVE-2023-23525HIGHCVSS 7.8fixed in 13.3≥ unspecified, < 13.3+1 more2023-05-08

CVE-2023-23525 [HIGH] CVE-2023-23525: This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 a This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.

nvd

CVE-2023-27938HIGHCVSS 7.8fixed in 10.4.8≥ unspecified, < 10.42023-05-08

CVE-2023-27938 [HIGH] CWE-125 CVE-2023-27938: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Gar An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution.

nvd

CVE-2023-27934HIGHCVSS 8.8fixed in 13.3≥ unspecified, < 13.3+1 more2023-05-08

CVE-2023-27934 [HIGH] CWE-665 CVE-2023-27934: A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monter A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

nvd

CVE-2023-27936HIGHCVSS 7.8fixed in 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27936 [HIGH] CWE-787 CVE-2023-27936: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory.

nvd

CVE-2023-27969HIGHCVSS 7.8≥ 13.0, < 13.3≥ unspecified, < 13.32023-05-08

CVE-2023-27969 [HIGH] CWE-416 CVE-2023-27969: A use after free issue was addressed with improved memory management. This issue is fixed in macOS V A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.

nvd

CVE-2023-27937HIGHCVSS 7.8fixed in 11.7.5≥ 12.0, < 12.6.4+4 more2023-05-08

CVE-2023-27937 [HIGH] CWE-190 CVE-2023-27937: An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventu An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.

nvd

CVE-2023-23532HIGHCVSS 8.8fixed in 13.3≥ unspecified, < 13.32023-05-08

CVE-2023-23532 [HIGH] CVE-2023-23532: This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 a This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox.

nvd

← Previous84 / 157Next →