CVE Daily
← All tags

Tag: Apple macOS

All CVEs associated with "Apple macOS". Page 10/36 • 4271 CVEs.

Subscribe CVEs: RSS for “Apple macOS”  ·  RSS (High+Critical only)

About “Apple macOS”

A curated feed of “Apple macOS”-related CVEs appears below. We currently track 4271 CVEs for this tag (all time). In the last 365 days, 751 were published. Average CVSS is 6.8 (all time; 6.5 over 365d), and 54% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-01-27
Medium

CVE-2025-24094

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data.

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2025-24093

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access removable volumes wi…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-24092

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-24087

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2025-24086

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, vision…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Critical

CVE-2025-24085

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tv…

CVSS: 10.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-54557

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the fil…

CVSS: 7.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2024-54550

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact inform…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-54549

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-54547

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access protected user data.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-54543

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-54542

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be acce…

CVSS: 9.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-54541

This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, wa…

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-54539

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to capture keyboard events from th…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-54537

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to read and write files outside o…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2024-54536

The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2024-54530

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing au…

CVSS: 9.1 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-54523

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVSS: 6.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-54522

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-54520

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files.

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-54519

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to read sensitive location information.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2024-54518

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-54517

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Low

CVE-2024-54516

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to approve a launch daemon without user consent.

CVSS: 3.3 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-54509

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-54507

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel me…

CVSS: 5.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-54499

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciou…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-54497

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, w…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-54488

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the H…

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-54478

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2024-54475

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to determi…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-54468

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A…

CVSS: 8.2 CWE: N/A View on NVD
Low

CVE-2024-44172

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access co…

CVSS: 3.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-01-21
Medium

CVE-2024-55504

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via th…

CVSS: 5.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-01-17
High

CVE-2025-21606

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registe…

CVSS: 8.7 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2025-01-15
Medium

CVE-2024-54535

A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data coul…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-40854

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macO…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-40771

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, t…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Pro…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2025-0502

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.T…

CVSS: 9.1 CWE: CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak') View on NVD
High

CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a…

CVSS: 7.3 CWE: CWE-394 - Unexpected Status Code or Return Value View on NVD
2025-01-14
High

CVE-2025-23042

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL)…

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists…

CVSS: 7.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-01-13
High

CVE-2024-11128

A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileInte…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-01-08
Medium

CVE-2024-13187

A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipu…

CVSS: 5.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-20126

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics infor…

CVSS: 4.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-01-02
Medium

CVE-2024-55542

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acr…

CVSS: 4.4 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2024-55538

Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Ac…

CVSS: 4.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2024-12-20
Low

CVE-2024-44298

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

CVSS: 3.3 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-44293

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.

CVSS: 5.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-44292

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-44231

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software upda…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2024-44223

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login W…

CVSS: 4.6 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2024-44211

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-44195

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-54538

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS V…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-12-19
High

CVE-2024-12786

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Dow…

CVSS: 7.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2024-12-18
High

CVE-2024-43106

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious applicatio…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-42220

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious appl…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-42004

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permissio…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-41165

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-41159

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious applic…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-41145

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access priv…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-41138

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leve…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-39804

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious…

CVSS: 7.1 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2024-12-12
Critical

CVE-2024-54534

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-54531

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-54529

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-54528

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files.

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2024-54527

This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be a…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2024-54526

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2024-54524

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.

CVSS: 5.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-54515

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-54514

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be ab…

CVSS: 8.6 CWE: N/A View on NVD
Medium

CVE-2024-54513

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to acces…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2024-54510

A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS…

CVSS: 5.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2024-54508

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2024-54506

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-54505

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 1…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2024-54504

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-54502

The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing malici…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-54501

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, w…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-54500

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, w…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-54498

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to break out of its sandbox.

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2024-54495

The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system.

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, vi…

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Low

CVE-2024-54493

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly.

CVSS: 3.3 CWE: N/A View on NVD
Medium

CVE-2024-54492

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a p…

CVSS: 5.9 CWE: N/A View on NVD
Low

CVE-2024-54491

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.

CVSS: 3.3 CWE: N/A View on NVD
Medium

CVE-2024-54490

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2024-54489

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Running a mount command may unexpectedly execute ar…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-54486

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, w…

CVSS: 6.5 CWE: N/A View on NVD
Low

CVE-2024-54485

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able t…

CVSS: 2.4 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-54484

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2024-54479

The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing malici…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2024-54477

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2024-54476

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2024-54474

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2024-54471

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's…

CVSS: 5.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a dif…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2024-54465

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.

CVSS: 9.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2024-44300

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access protected user data.

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2024-44299

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary c…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2024-44291

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD
Low

CVE-2024-44290

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s…

CVSS: 3.3 CWE: N/A View on NVD
Medium

CVE-2024-44248

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A user with screen sharing access may be able to view…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2024-44246

The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-44245

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, visionOS 2.2. An app may be able to cau…

CVSS: 7.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-44243

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2024-44242

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary c…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-44241

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary c…

CVSS: 9.8 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-44225

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2024-44224

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileg…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2024-44220

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system terminati…

CVSS: 5.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2024-44212

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookie…

CVSS: 5.3 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2024-44201

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a mali…

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Low

CVE-2024-44200

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location informati…

CVSS: 3.3 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
2024-12-06
High

CVE-2024-12254

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reache…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-11-29
Medium

CVE-2024-9044

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.

CVSS: 4.6 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2024-11-26
Critical

CVE-2024-11698

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users…

CVSS: 9.8 CWE: N/A View on NVD