Apple macOS Macintosh Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple macOS.
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 122718 | macOS Ventura 13.7.6 - Apple Security Content | May 12, 2025 |
| 122716 | macOS Sequoia 15.5 - Apple Security Content | May 12, 2025 |
| 122717 | macOS Sonoma 14.7.6 - Apple Security Content | May 12, 2025 |
| 122400 | macOS Sequoia 15.4.1 - Apple Security Content | April 16, 2025 |
| 122283 | macOS Sequoia 15.3.2 - Apple Security Content | March 11, 2025 |
| 122068 | macOS Sequoia 15.3 - Apple Security Content | January 27, 2025 |
| 122069 | macOS Sonoma 14.7.3 - Apple Security Content | January 27, 2025 |
| 122070 | macOS Ventura 13.7.3 - Apple Security Content | January 27, 2025 |
| 121839 | macOS Sequoia 15.2 - Apple Security Content | December 11, 2024 |
| 121840 | macOS Sonoma 14.7.2 - Apple Security Content | December 11, 2024 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability |
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.3% |
April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability |
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 0.7% |
April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability |
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 0.1% |
April 4, 2022 |
| Apple macOS Input Validation Error |
A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 0.1% |
November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass |
A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 75.5% |
November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end of life, and end of support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 15 | - |
Active
|
| 14 | - |
Active
|
| 13 | - |
Active
|
| 12 | September 16, 2024 |
EOL
Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 |
EOL
Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 |
EOL
Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 |
EOL
Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 |
EOL
Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 |
EOL
Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 |
EOL
Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 |
EOL
Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 |
EOL
Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 |
EOL
Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 |
EOL
Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 |
EOL
Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 |
EOL
Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 |
EOL
Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 |
EOL
Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2025 there have been 332 vulnerabilities in Apple macOS with an average score of 6.2 out of ten. Last year, in 2024 macOS had 519 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in macOS in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.09.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 332 | 6.22 |
| 2024 | 519 | 6.13 |
| 2023 | 423 | 6.59 |
| 2022 | 380 | 7.12 |
| 2021 | 500 | 7.06 |
| 2020 | 264 | 7.10 |
| 2019 | 305 | 7.40 |
| 2018 | 89 | 7.26 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
This issue was addressed through improved state management
CVE-2025-30466
- May 29, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
A file quarantine bypass was addressed with additional checks
CVE-2025-31189
- May 29, 2025
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
This issue was addressed with improved validation of symlinks
CVE-2025-31198
- May 29, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation.
A logging issue was addressed with improved data redaction
CVE-2025-31199
- May 29, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
An authentication issue was addressed with improved state management
CVE-2025-31264
- May 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
The issue was addressed with improved memory handling
CVE-2025-31263
- May 29, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
A permissions issue was addressed with additional sandbox restrictions
CVE-2025-31261
- May 29, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
A permissions issue was addressed with additional restrictions
CVE-2025-31231
- May 29, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
A permissions issue was addressed with additional restrictions
CVE-2025-31262
- May 19, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2025-24189
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-24184
- May 19, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
The issue was addressed with improved checks
CVE-2025-24183
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local user may be able to modify protected parts of the file system.
A logic issue was addressed with improved state management
CVE-2025-31247
- May 12, 2025
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
This issue was addressed by removing the vulnerable code
CVE-2025-31218
- May 12, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
The issue was addressed with improved handling of caches
CVE-2025-31256
- May 12, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a users deleted notes.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2025-24142
- May 12, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
The issue was addressed with additional permissions checks
CVE-2025-30453
- May 12, 2025
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
An out-of-bounds read was addressed with improved input validation
CVE-2025-31196
- May 12, 2025
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
The issue was addressed with improved input sanitization
CVE-2025-31234
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
The issue was addressed with improved checks
CVE-2025-31245
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
A file quarantine bypass was addressed with additional checks
CVE-2025-31244
- May 12, 2025
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
This issue was addressed by removing the vulnerable code
CVE-2025-31258
- May 12, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
A logic issue was addressed with improved checks
CVE-2025-31249
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
A logic issue was addressed with improved checks
CVE-2025-31224
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences.
An integer overflow was addressed with improved input validation
CVE-2025-31221
- May 12, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.
A logging issue was addressed with improved data redaction
CVE-2025-31213
- May 12, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
An input validation issue was addressed by removing the vulnerable code
CVE-2025-24274
- May 12, 2025
An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
The issue was addressed with improved input sanitization
CVE-2025-31259
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2025-31242
- May 12, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
An information disclosure issue was addressed with improved privacy controls
CVE-2025-31250
- May 12, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
A privacy issue was addressed by removing sensitive data
CVE-2025-31220
- May 12, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
The issue was addressed with improved checks
CVE-2025-31223
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31238
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31215
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling
CVE-2025-31204
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-24223
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
A type confusion issue was addressed with improved state handling
CVE-2025-31206
- May 12, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved input validation
CVE-2025-31217
- May 12, 2025
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31205
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
This issue was addressed with improved memory handling
CVE-2025-31257
- May 12, 2025
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
This issue was addressed through improved state management
CVE-2025-31212
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.
A memory corruption issue was addressed with improved state management
CVE-2025-24111
- May 12, 2025
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
The issue was addressed by adding additional logic
CVE-2025-31195
- May 12, 2025
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
The issue was addressed with improved memory handling
CVE-2025-24155
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory.
The issue was addressed with improved input sanitization
CVE-2025-30442
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2025-24144
- May 12, 2025
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.
This issue was addressed with additional entitlement checks
CVE-2025-30448
- May 12, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.
The issue was addressed with improved memory handling
CVE-2025-31246
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.
This issue was addressed with improved checks
CVE-2025-31240
- May 12, 2025
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
This issue was addressed with improved checks
CVE-2025-31237
- May 12, 2025
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple macOS or by Apple? Click the Watch button to subscribe.
