Mac OSX Apple Mac OSX Macintosh Operating System

Do you want an email whenever new security vulnerabilities are reported in Apple Mac OSX?

By the Year

In 2022 there have been 4 vulnerabilities in Apple Mac OSX with an average score of 7.6 out of ten. Last year Mac OSX had 315 security vulnerabilities published. Right now, Mac OSX is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.47.

Year Vulnerabilities Average Score
2022 4 7.63
2021 315 7.16
2020 228 7.15
2019 301 7.42
2018 87 7.23

It may take a day or so for new Mac OSX vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Mac OSX Security Vulnerabilities

An information disclosure issue was addressed with improved state management

CVE-2022-22579 7.8 - High - March 18, 2022

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.

Exposure of Resource to Wrong Sphere

A buffer overflow issue was addressed with improved memory handling

CVE-2022-22593 7.8 - High - March 18, 2022

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

An out-of-bounds read was addressed with improved bounds checking

CVE-2022-22627 7.1 - High - March 18, 2022

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

Memory Corruption

A memory corruption issue was addressed with improved validation

CVE-2022-22597 7.8 - High - March 18, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.

Memory Corruption

An issue existed in the handling of Contact sharing

CVE-2017-13892 7.5 - High - December 23, 2021

An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.

A race condition was addressed with additional validation

CVE-2017-13905 8.1 - High - December 23, 2021

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.

Race Condition

An issue existed in the storage of sensitive tokens

CVE-2017-13909 5.5 - Medium - December 23, 2021

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

Insecure Storage of Sensitive Information

An access issue was addressed with additional sandbox restrictions on applications

CVE-2017-13910 5.5 - Medium - December 23, 2021

An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.

A null pointer dereference was addressed with improved validation

CVE-2018-4302 7.8 - High - December 23, 2021

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

NULL Pointer Dereference

A validation issue was addressed with improved logic

CVE-2018-4478 6.8 - Medium - December 23, 2021

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

Improper Privilege Management

This issue was addressed with a new entitlement

CVE-2019-8702 5.5 - Medium - December 23, 2021

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2021-30767 5.5 - Medium - December 23, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.

A memory corruption issue was addressed with improved memory handling

CVE-2017-13906 7.8 - High - December 23, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.

Buffer Overflow

A state management issue was addressed with improved state validation

CVE-2017-13907 6.8 - Medium - December 23, 2021

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

An issue in handling file permissions was addressed with improved validation

CVE-2017-13908 7.8 - High - December 23, 2021

An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14

CVE-2019-8643 9.8 - Critical - December 23, 2021

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

This issue was addressed with improved entitlements

CVE-2019-8703 9.8 - Critical - December 23, 2021

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

A use after free issue was addressed with improved memory management

CVE-2020-3886 7.8 - High - December 23, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

This issue was addressed by removing the vulnerable code

CVE-2020-3896 5.5 - Medium - December 23, 2021

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.

A memory corruption issue was addressed with improved memory handling

CVE-2017-13835 7.8 - High - December 23, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.

Buffer Overflow

A memory corruption issue was addressed with improved memory handling

CVE-2021-30821 7.8 - High - October 28, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

A memory corruption issue was addressed with improved state management

CVE-2021-30824 7.8 - High - October 28, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-30834 7.8 - High - October 28, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30811 5.5 - Medium - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

A race condition was addressed with additional validation

CVE-2020-29622 7.5 - High - October 19, 2021

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

Race Condition

A logic issue was addressed with improved state management

CVE-2021-30844 7.5 - High - October 19, 2021

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

Memory Leak

A memory corruption issue was addressed with improved state management

CVE-2021-30832 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2021-30830 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A URI parsing issue was addressed with improved parsing

CVE-2021-30829 7.8 - High - October 19, 2021

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

This issue was addressed with improved checks

CVE-2021-30828 5.5 - Medium - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.

Exposure of Resource to Wrong Sphere

A permissions issue existed

CVE-2021-30827 7.8 - High - October 19, 2021

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Improper Preservation of Permissions

An access issue was addressed with improved access restrictions

CVE-2021-30850 5.5 - Medium - October 19, 2021

An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.

Exposure of Resource to Wrong Sphere

This issue was addressed with improved checks

CVE-2021-30843 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30842 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30841 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30835 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30847 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

A memory corruption issue was addressed with improved validation

CVE-2021-1828 7.1 - High - September 08, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory.

Memory Corruption

This issue was addressed with improved checks

CVE-2021-30685 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.

A logic issue was addressed with improved state management

CVE-2021-30684 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30678 9.8 - Critical - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

A memory initialization issue was addressed with improved memory handling

CVE-2021-1860 6.5 - Medium - September 08, 2021

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.

Improper Initialization

Processing a maliciously crafted audio file may disclose restricted memory

CVE-2021-1846 5.5 - Medium - September 08, 2021

Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30686 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory.

Out-of-bounds Read

Multiple issues in apache were addressed by updating apache to version 2.4.46

CVE-2021-30690 9.8 - Critical - September 08, 2021

Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache.

An information disclosure issue was addressed with improved state management

CVE-2021-30692 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30695 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

Out-of-bounds Read

A double free issue was addressed with improved memory management

CVE-2021-1875 7.8 - High - September 08, 2021

A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.

Double-free

A race condition was addressed with improved locking

CVE-2021-1884 5.9 - Medium - September 08, 2021

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.

Race Condition

A validation issue was addressed with improved logic

CVE-2021-1813 7.8 - High - September 08, 2021

A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.

Improper Privilege Management

This issue was addressed with improved checks

CVE-2021-30705 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents.

A logic issue was addressed with improved state management

CVE-2021-30704 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.

A double free issue was addressed with improved memory management

CVE-2021-30703 7.8 - High - September 08, 2021

A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.

Double-free

This issue was addressed with improved checks

CVE-2021-30701 7.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30697 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.

An attacker in a privileged network position may be able to misrepresent application state

CVE-2021-30696 5.9 - Medium - September 08, 2021

An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.

An information disclosure issue was addressed with improved state management

CVE-2021-30694 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

A validation issue was addressed with improved logic

CVE-2021-30693 7.8 - High - September 08, 2021

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.

Improper Input Validation

An information disclosure issue was addressed with improved state management

CVE-2021-30691 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

A malicious application may be able to break out of its sandbox

CVE-2021-30688 8.8 - High - September 08, 2021

A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.

Improper Input Validation

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30687 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information.

Out-of-bounds Read

A validation issue was addressed with improved logic

CVE-2021-30671 3.3 - Low - September 08, 2021

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.

Improper Input Validation

An out-of-bounds read was addressed with improved input validation

CVE-2021-1881 7.8 - High - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Out-of-bounds Read

A use after free issue was addressed with improved memory management

CVE-2021-30683 7.8 - High - September 08, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.

Dangling pointer

A validation issue existed in the handling of symlinks

CVE-2021-30681 7.8 - High - September 08, 2021

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges.

Improper Input Validation

This issue was addressed by removing the vulnerable code

CVE-2021-30679 7.8 - High - September 08, 2021

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.

A race condition was addressed with additional validation

CVE-2021-30652 7 - High - September 08, 2021

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.

Race Condition

This issue was addressed with improved checks

CVE-2021-1883 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.

Improper Validation of Integrity Check Value

An integer overflow was addressed with improved input validation

CVE-2021-1878 6.5 - Medium - September 08, 2021

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

Integer Overflow or Wraparound

A use after free issue was addressed with improved memory management

CVE-2021-1876 8.8 - High - September 08, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

An API issue in Accessibility TCC permissions was addressed with improved state management

CVE-2021-1873 6.5 - Medium - September 08, 2021

An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields.

Insufficiently Protected Credentials

A logic issue was addressed with improved state management

CVE-2021-1868 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

Improper Privilege Management

A logic issue was addressed with improved state management

CVE-2021-30657 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..

Download of Code Without Integrity Check

An application may be able to execute arbitrary code with system privileges

CVE-2021-30655 9.8 - Critical - September 08, 2021

An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.

A memory corruption issue was addressed with improved validation

CVE-2021-1882 9.8 - Critical - September 08, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-1851 8.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.

Improper Privilege Management

A malicious application may be able to execute arbitrary code with kernel privileges

CVE-2021-1841 7.8 - High - September 08, 2021

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking.

Memory Corruption

A memory initialization issue was addressed with improved memory handling

CVE-2021-1857 6.5 - Medium - September 08, 2021

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.

Improper Initialization

Processing a maliciously crafted image may lead to arbitrary code execution

CVE-2021-1858 7.8 - High - September 08, 2021

Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2021-30672 7.8 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

Memory Corruption

An access issue was addressed with improved access restrictions

CVE-2021-30673 5.5 - Medium - September 08, 2021

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2021-30676 7.1 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.

An out-of-bounds read was addressed with improved input validation

CVE-2021-30708 7.8 - High - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

A permissions issue was addressed with improved validation

CVE-2021-30713 7.8 - High - September 08, 2021

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

AuthZ

Copied files may not have the expected file permissions

CVE-2021-1832 5.5 - Medium - September 08, 2021

Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.

Incorrect Default Permissions

A logic issue was addressed with improved state management

CVE-2020-27942 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution.

The issue was addressed with improved permissions logic

CVE-2021-1839 7.8 - High - September 08, 2021

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.

Improper Privilege Management

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2021-1834 9.8 - Critical - September 08, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2021-1740 5.5 - Medium - September 08, 2021

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.

Directory traversal

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2021-1739 5.5 - Medium - September 08, 2021

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.

Directory traversal

A memory corruption issue was addressed with improved validation

CVE-2021-1840 7.8 - High - September 08, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.

Improper Input Validation

An out-of-bounds write was addressed with improved input validation

CVE-2021-1762 7.8 - High - September 08, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Memory Corruption

A local user may be able to cause unexpected system termination or read kernel memory

CVE-2021-30719 7.1 - High - September 08, 2021

A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2021-30717 8.1 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-30716 5.9 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service.

This issue was addressed with improved entitlements

CVE-2021-1824 4.4 - Medium - September 08, 2021

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2021-30715 7.5 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

A memory corruption issue was addressed with improved validation

CVE-2021-1809 7.5 - High - September 08, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.

Out-of-bounds Read

A memory corruption issue was addressed with improved validation

CVE-2021-1808 7.5 - High - September 08, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.

Out-of-bounds Read

A permissions issue existed in DiskArbitration

CVE-2021-1784 7.5 - High - September 08, 2021

A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.

Incorrect Permission Assignment for Critical Resource

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple Macos or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple Mac OSX
Macintosh Operating System

subscribe