Apple macOS Macintosh Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple macOS.
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 127595 | macOS Tahoe 26.5.2 - Apple Security Content | June 29, 2026 |
| 127115 | macOS Tahoe 26.5 - Apple Security Content | May 11, 2026 |
| 127117 | macOS Sonoma 14.8.7 - Apple Security Content | May 11, 2026 |
| 127116 | macOS Sequoia 15.7.7 - Apple Security Content | May 11, 2026 |
| 126795 | macOS Sequoia 15.7.5 - Apple Security Content | March 24, 2026 |
| 126796 | macOS Sonoma 14.8.5 - Apple Security Content | March 24, 2026 |
| 126794 | macOS Tahoe 26.4 - Apple Security Content | March 24, 2026 |
| 126604 | Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 - Apple Security Content | March 17, 2026 |
| 126348 | macOS Tahoe 26.3 - Apple Security Content | February 11, 2026 |
| 126349 | macOS Sequoia 15.7.4 - Apple Security Content | February 11, 2026 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability |
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.7% |
April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability |
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 12.6% |
April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability |
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 1.1% |
April 4, 2022 |
| Apple macOS Input Validation Error |
A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 6.6% |
November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass |
A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 68.5% |
November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2022-22675: Apple macOS Out-of-Bounds Write Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end of life, and end of support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 15 | - |
Active
|
| 14 | - |
Active
|
| 13 | September 15, 2025 |
EOL
Apple macOS 13 became EOL in 2025. |
| 12 | September 16, 2024 |
EOL
Apple macOS 12 became EOL in 2024. |
| 11 | February 2, 2026 |
EOL
Apple macOS 11 became EOL in 2026. |
| 10.15 | February 2, 2026 |
EOL
Apple macOS 10.15 became EOL in 2026. |
| 10.14 | October 25, 2021 |
EOL
Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 |
EOL
Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 |
EOL
Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 |
EOL
Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 |
EOL
Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 |
EOL
Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 |
EOL
Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 |
EOL
Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 |
EOL
Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 |
EOL
Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 |
EOL
Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 |
EOL
Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2026 there have been 310 vulnerabilities in Apple macOS with an average score of 6.3 out of ten. Last year, in 2025 macOS had 679 security vulnerabilities published. Right now, macOS is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.26
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 310 | 6.32 |
| 2025 | 679 | 6.59 |
| 2024 | 543 | 6.42 |
| 2023 | 426 | 6.73 |
| 2022 | 381 | 7.10 |
| 2021 | 500 | 7.01 |
| 2020 | 342 | 7.24 |
| 2019 | 305 | 7.62 |
| 2018 | 89 | 7.25 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
Apple Safari 26.5.1 Cross-Origin Info Leak
CVE-2026-43700
- June 29, 2026
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.
Safari 26.5.2 Crash via Malicious Web Content, Fixed
CVE-2026-43716
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Safari use-after-free CVE-2026-43720 fixed in Safari 26.5.2
CVE-2026-43720
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Kernel Mem Corruption via Input Validation in Apple iOS/iPadOS/macOS 26.5.2 - Fixed
CVE-2026-39868
- June 29, 2026
This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
Clipboard Hijack in Safari 26.5.2 (iOS/macOS)
CVE-2026-43721
- June 29, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data.
Apple Safari 26.5.2: Memory Handling Crash with Malicious Web Content
CVE-2026-39872
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple Safari 26.5.2 UAF Crash via Malformed Web Content
CVE-2026-43717
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Apple Safari 26.5.2 Memory Disclosure via Malicious Web Content
CVE-2026-43740
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may result in the disclosure of process memory.
Apple Safari/iOS Sandbox Bypass via Malicious Site (fixed in 26.5.2)
CVE-2026-43701
- June 29, 2026
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
Safari Mem Corruption Crash <26.5.2
CVE-2026-43663
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Use-After-Free in Safari 26.5.2 Causing Crash
CVE-2026-43726
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple iOS/iPadOS/macOS double free bug in web content 26.5.2
CVE-2026-43706
- June 29, 2026
A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple Safari 26.5.2 Use-After-Free Crash
CVE-2026-43746
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Safari 26.5.2 Memory Corruption Fix: Crash from Malicious Web Content
CVE-2026-43707
- June 29, 2026
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Use-After-Free Crash in Safari, iOS/iPadOS/macOS, Fixed in 26.5.2
CVE-2026-43727
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Apple Safari <26.5.2: UAF in Web Content (fixed v26.5.2)
CVE-2026-43731
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
Kernel memory write in Apple OS 26.5.2 (iOS, iPadOS, macOS)
CVE-2026-43724
- June 29, 2026
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory.
Safari Path Handling Disclosure Vulnerability Fixed 26.5.2
CVE-2026-43732
- June 29, 2026
A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2026-43708 Safari <26.5.2 cross-origin data exfiltration
CVE-2026-43708
- June 29, 2026
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.
Apple Safari Crash via Malicious Web Content, Fixed in 26.5.2
CVE-2026-43712
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Out-of-Bounds Write Leading to Safari Crash (pre-26.5.2)
CVE-2026-43745
- June 29, 2026
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Apple Safari 26.5.2 Use-After-Free in Web Extension Causing Crash
CVE-2026-43704
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.
Safari & iOS Type Confusion Memory Corruption Fixed in 26.5.2
CVE-2026-43705
- June 29, 2026
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
Safari/iOS/iPadOS Permissions Leak, fixed in 26.5.2
CVE-2026-43713
- June 29, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data.
Safari UAF Crash Fixed in 26.5.2
CVE-2026-43709
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple Safari UAF in 26.5.2: Crash via Malicious Web Content
CVE-2026-43699
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Safari OOB Crash (v26.5.2) Boundscheck Fix
CVE-2026-43676
- June 29, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Apple Safari 26.5.2: Sandbox Escape via Input Validation
CVE-2026-43725
- June 29, 2026
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
Race Condition in Apple OS (iOS 26.5.2/iPadOS 26.5.2/macOS Tahoe) Crash
CVE-2026-43743
- June 29, 2026
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.
Kernel State Leak from Improper Sanitization in Apple iOS/macOS 26.5.2
CVE-2026-43722
- June 29, 2026
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state.
Apple Safari stack overflow via malformed web content (pre-26.5.2)
CVE-2026-43718
- June 29, 2026
A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Safari UA-FREE CVE-2026-43734 fixed in 26.5.2
CVE-2026-43734
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple Safari/iOS/iPadOS/macOS Tahoe OOB Access (Fixed 26.5.2)
CVE-2026-28979
- June 29, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple Safari Cross-Origin Data Exfil - Fixed in 26.5.2
CVE-2026-43735
- June 29, 2026
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.
Apple WebKit <=26.5.2 Crash via Malformed Web Content
CVE-2026-43703
- June 29, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Safari UAF vulnerability; fixed in Safari 26.5.2
CVE-2026-43742
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Use-After-Free in Apple Safari <26.5.2 (memory corruption)
CVE-2026-43715
- June 29, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
macOS Sequoia/SON+ Ventura Priv Esc via Improper Access Check
CVE-2025-30431
5.5 - Medium
- June 11, 2026
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
Protection Mechanism Failure
macOS Tahoe 26.0 Sandbox Access Issue (CVE-2025-43339)
CVE-2025-43339
5.5 - Medium
- June 11, 2026
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
Authorization
macOS Sequoia 15.4: Path Validation Vulnerability in Directory Handling
CVE-2025-24268
5.5 - Medium
- June 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
Directory traversal
macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293)
CVE-2025-46293
5.5 - Medium
- June 11, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
insecure temporary file
macOS Tahoe 26.1: Fixed Permissions Issue Accessing Protected Data
CVE-2025-46315
7.5 - High
- June 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
Authorization
macOS Sequoia 15.4 Launch Constraint Bypass Elevated Privilege
CVE-2025-31272
7.8 - High
- June 11, 2026
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
Improper Privilege Management
Privacy Issue in macOS Sequoia 15.4 (CVE202530459)
CVE-2025-30459
5.5 - Medium
- June 11, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
Privacy violation
macOS Sequoia 15.4: Sandbox Escape Vulnerability (CVE-2025-24284)
CVE-2025-24284
8.8 - High
- June 11, 2026
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
Protection Mechanism Failure
macOS Permission Flaw May Cause System Termination (Fixed 15.4/14.7.5/13.7.5)
CVE-2025-24165
5.5 - Medium
- June 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
Authorization
macOS <15.4 Symlink Bypass Access to Protected Data
CVE-2025-43278
5.5 - Medium
- June 11, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
Symlink following
macOS 26.1 Vulnerable Logging Redaction Exposes User Data
CVE-2025-46313
5.5 - Medium
- June 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
AuthZ Leak via State Mgmt in iOS/iPadOS/macOS (pre-18.4/15.4)
CVE-2025-46308
5.3 - Medium
- June 11, 2026
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
Authorization
macOS Monterey 12.4: Login Window Bypass Vulnerability
CVE-2022-48575
3.5 - Low
- June 10, 2026
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple macOS or by Apple? Click the Watch button to subscribe.
