Apple macOS Macintosh Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple macOS.
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 122283 | macOS Sequoia 15.3.2 - Apple Security Content | March 11, 2025 |
| 122068 | macOS Sequoia 15.3 - Apple Security Content | January 27, 2025 |
| 122069 | macOS Sonoma 14.7.3 - Apple Security Content | January 27, 2025 |
| 122070 | macOS Ventura 13.7.3 - Apple Security Content | January 27, 2025 |
| 121839 | macOS Sequoia 15.2 - Apple Security Content | December 11, 2024 |
| 121840 | macOS Sonoma 14.7.2 - Apple Security Content | December 11, 2024 |
| 121842 | macOS Ventura 13.7.2 - Apple Security Content | December 11, 2024 |
| 121753 | macOS Sequoia 15.1.1 - Apple Security Content | November 19, 2024 |
| 121564 | macOS Sequoia 15.1 - Apple Security Content | October 28, 2024 |
| 121568 | macOS Ventura 13.7.1 - Apple Security Content | October 28, 2024 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability |
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.1% |
April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability |
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 0.2% |
April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability |
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 0.1% |
April 4, 2022 |
| Apple macOS Input Validation Error |
A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 0.8% |
November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass |
A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 57.0% |
November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end of life, and end of support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 15 | - |
Active
|
| 14 | - |
Active
|
| 13 | - |
Active
|
| 12 | September 16, 2024 |
EOL
Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 |
EOL
Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 |
EOL
Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 |
EOL
Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 |
EOL
Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 |
EOL
Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 |
EOL
Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 |
EOL
Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 |
EOL
Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 |
EOL
Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 |
EOL
Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 |
EOL
Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 |
EOL
Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 |
EOL
Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 |
EOL
Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2025 there have been 96 vulnerabilities in Apple macOS with an average score of 6.2 out of ten. Last year, in 2024 macOS had 519 security vulnerabilities published. Right now, macOS is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.08.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 96 | 6.21 |
| 2024 | 519 | 6.13 |
| 2023 | 423 | 6.59 |
| 2022 | 380 | 7.12 |
| 2021 | 500 | 7.06 |
| 2020 | 264 | 7.10 |
| 2019 | 305 | 7.40 |
| 2018 | 89 | 7.26 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions
CVE-2025-24201
8.8 - High
- March 11, 2025
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Memory Corruption
The issue was addressed with improved checks
CVE-2024-44192
5.5 - Medium
- March 10, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling
CVE-2024-44227
7.5 - High
- March 10, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
Resource Exhaustion
This issue was addressed with improved entitlements
CVE-2024-54463
5.5 - Medium
- March 10, 2025
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent.
A cookie management issue was addressed with improved state management
CVE-2024-54467
6.5 - Medium
- March 10, 2025
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
The issue was addressed with improved checks
CVE-2024-54469
5.5 - Medium
- March 10, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.
Information Disclosure
This issue was addressed with improved redaction of sensitive information
CVE-2024-54473
5.5 - Medium
- March 10, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
Information Disclosure
The issue was addressed with improved memory handling
CVE-2024-54546
7.5 - High
- March 10, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
Resource Exhaustion
A logic issue was addressed with improved checks
CVE-2024-54560
5.5 - Medium
- March 10, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.
The issue was addressed with improved memory handling
CVE-2024-27859
8.8 - High
- February 10, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2024-54658
6.5 - Medium
- February 10, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
An input validation issue was addressed
CVE-2025-24126
7.3 - High
- January 27, 2025
An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.
A type confusion issue was addressed with improved checks
CVE-2025-24129
7.5 - High
- January 27, 2025
A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.
Object Type Confusion
The issue was addressed with improved memory handling
CVE-2025-24131
6.5 - Medium
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.
A use-after-free issue was addressed with improved memory management
CVE-2024-54499
8.8 - High
- January 27, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
Dangling pointer
The issue was addressed with improved bounds checks
CVE-2024-54518
5.3 - Medium
- January 27, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
Out-of-bounds Read
The issue was addressed with improved checks
CVE-2024-54468
8.2 - High
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to break out of its sandbox.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2024-54475
3.3 - Low
- January 27, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a users current location.
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2024-54478
6.5 - Medium
- January 27, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.
A type confusion issue was addressed with improved memory handling
CVE-2024-54507
5.5 - Medium
- January 27, 2025
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.
Object Type Confusion
The issue was resolved by sanitizing logging
CVE-2024-54519
5.5 - Medium
- January 27, 2025
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information.
A path handling issue was addressed with improved validation
CVE-2024-54520
5.5 - Medium
- January 27, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files.
The issue was addressed with improved bounds checks
CVE-2024-54523
6.3 - Medium
- January 27, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
This issue was addressed with additional entitlement checks
CVE-2024-54537
8.2 - High
- January 27, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox.
A logic issue was addressed with improved file handling
CVE-2024-54488
5.3 - Medium
- January 27, 2025
A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication.
A permissions issue was addressed with additional restrictions
CVE-2024-54516
3.3 - Low
- January 27, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.
The issue was addressed with improved bounds checks
CVE-2024-54517
7.8 - High
- January 27, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
Memory Corruption
The issue was addressed with improved bounds checks
CVE-2024-54522
7.8 - High
- January 27, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
Memory Corruption
The issue was addressed with improved validation of environment variables
CVE-2024-54536
5.5 - Medium
- January 27, 2025
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.
This issue was addressed through improved state management
CVE-2024-54541
5.5 - Medium
- January 27, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.
The issue was addressed with improved memory handling
CVE-2024-54543
8.8 - High
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
Memory Corruption
This issue was addressed with improved redaction of sensitive information
CVE-2024-54549
5.5 - Medium
- January 27, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
A logic issue was addressed with improved restrictions
CVE-2024-54557
7.5 - High
- January 27, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.
A permissions issue was addressed with additional restrictions
CVE-2025-24093
- January 27, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent.
The issue was addressed with improved checks
CVE-2024-54497
6.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2024-44172
3.3 - Low
- January 27, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.
An out-of-bounds write issue was addressed with improved input validation
CVE-2024-54509
7.8 - High
- January 27, 2025
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
Memory Corruption
An integer overflow was addressed through improved input validation
CVE-2025-24156
7.8 - High
- January 27, 2025
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to elevate privileges.
Integer Overflow or Wraparound
This issue was addressed by improved management of object lifetimes
CVE-2025-24120
7.5 - High
- January 27, 2025
This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.
A privacy issue was addressed with improved handling of files
CVE-2025-24150
8.8 - High
- January 27, 2025
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
Command Injection
This issue was addressed through improved state management
CVE-2025-24162
6.5 - Medium
- January 27, 2025
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved memory handling
CVE-2025-24158
6.5 - Medium
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
The issue was addressed with improved access restrictions to the file system
CVE-2025-24143
6.5 - Medium
- January 27, 2025
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
An out-of-bounds write was addressed with improved input validation
CVE-2025-24154
9.1 - Critical
- January 27, 2025
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
This issue was addressed with improved data protection
CVE-2025-24092
- January 27, 2025
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2025-24145
3.3 - Low
- January 27, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.
Insertion of Sensitive Information into Log File
This issue was addressed with improved message validation
CVE-2025-24135
7.8 - High
- January 27, 2025
This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.
A permissions issue was addressed with improved validation
CVE-2025-24176
- January 27, 2025
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.
This issue was addressed through improved state management
CVE-2025-24138
5.5 - Medium
- January 27, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.
A buffer overflow issue was addressed with improved memory handling
CVE-2025-24153
6.7 - Medium
- January 27, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
The issue was addressed with improved memory handling
CVE-2025-24152
5.5 - Medium
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
The issue was addressed with improved memory handling
CVE-2025-24151
5.5 - Medium
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
The issue was addressed with improved checks
CVE-2025-24139
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.
An access issue was addressed with additional sandbox restrictions
CVE-2025-24108
5.5 - Medium
- January 27, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.
This issue was addressed with improved validation of symlinks
CVE-2025-24103
5.5 - Medium
- January 27, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data.
An out-of-bounds read was addressed with improved bounds checking
CVE-2025-24149
5.5 - Medium
- January 27, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.
The issue was addressed with improved UI
CVE-2025-24113
4.3 - Medium
- January 27, 2025
The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.
The issue was addressed by adding additional logic
CVE-2025-24128
4.3 - Medium
- January 27, 2025
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.
This issue was addressed with improved redaction of sensitive information
CVE-2025-24146
- January 27, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging.
A logging issue was addressed with improved data redaction
CVE-2025-24169
7.5 - High
- January 27, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.
The issue was addressed with improved checks
CVE-2025-24130
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2025-24096
5.5 - Medium
- January 27, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.
This issue was addressed with improved redaction of sensitive information
CVE-2025-24101
- January 27, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
This issue was addressed with improved validation of symlinks
CVE-2025-24136
4.4 - Medium
- January 27, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk.
insecure temporary file
This issue was addressed with improved redaction of sensitive information
CVE-2025-24117
5.5 - Medium
- January 27, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.
Insecure Storage of Sensitive Information
An access issue was addressed with additional sandbox restrictions
CVE-2025-24116
4.4 - Medium
- January 27, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.
A path handling issue was addressed with improved validation
CVE-2025-24115
6.3 - Medium
- January 27, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read files outside of its sandbox.
A race condition was addressed with additional validation
CVE-2025-24094
4.7 - Medium
- January 27, 2025
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.
Race Condition
A validation issue was addressed with improved logic
CVE-2025-24159
7.8 - High
- January 27, 2025
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.
A permissions issue was addressed with additional restrictions
CVE-2025-24107
7.8 - High
- January 27, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.
The issue was addressed with improved memory handling
CVE-2025-24118
7.1 - High
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
The issue was addressed with improved memory handling
CVE-2025-24086
5.5 - Medium
- January 27, 2025
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.
The issue was addressed with improved checks
CVE-2025-24174
7.7 - High
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.
This issue was addressed through improved state management
CVE-2025-24140
5.3 - Medium
- January 27, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.
An information disclosure issue was addressed with improved privacy controls
CVE-2025-24134
5.5 - Medium
- January 27, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
The issue was addressed with improved checks
CVE-2025-24102
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a users current location.
A use after free issue was addressed with improved memory management
CVE-2025-24085
7.8 - High
- January 27, 2025
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Dangling pointer
The issue was addressed with improved checks
CVE-2025-24124
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24123
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24163
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24161
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24160
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24106
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24127
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions
CVE-2025-24122
5.5 - Medium
- January 27, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
A logic issue was addressed with improved checks
CVE-2025-24121
- January 27, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
A permissions issue was addressed with additional restrictions
CVE-2025-24114
5.5 - Medium
- January 27, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
A downgrade issue was addressed with additional code-signing restrictions
CVE-2025-24109
5.5 - Medium
- January 27, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.
A logic issue was addressed with improved restrictions
CVE-2025-24100
3.3 - Low
- January 27, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access information about a user's contacts.
The issue was addressed with improved checks
CVE-2025-24112
5.5 - Medium
- January 27, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.
The issue was addressed with additional permissions checks
CVE-2025-24087
5.5 - Medium
- January 27, 2025
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.
Improper Preservation of Permissions
A type confusion issue was addressed with improved checks
CVE-2025-24137
- January 27, 2025
A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.
A null pointer dereference was addressed with improved input validation
CVE-2025-24177
7.5 - High
- January 27, 2025
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.
NULL Pointer Dereference
The issue was addressed with improved checks
CVE-2024-27856
7.8 - High
- January 15, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
Code Injection
The issue was addressed with improved memory handling
CVE-2024-40771
7.8 - High
- January 15, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.
A memory initialization issue was addressed with improved memory handling
CVE-2024-40854
5.5 - Medium
- January 15, 2025
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.
macOS Sequoia Login Window Bypass Vulnerability
CVE-2024-44231
4.6 - Medium
- December 20, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.
macOS Sequoia Symlink Validation Bypass Vulnerability
CVE-2024-44211
5.5 - Medium
- December 20, 2024
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
insecure temporary file
macOS Login Window Protected Content Exposure Vulnerability
CVE-2024-44223
4.6 - Medium
- December 20, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.
macOS Sequoia: Sensitive User Data Exposure via Log Entries
CVE-2024-44292
5.5 - Medium
- December 20, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
Insecure Storage of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple macOS or by Apple? Click the Watch button to subscribe.
