Apple macOS Macintosh Operating System
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 124929 | macOS Ventura 13.7.8 - Apple Security Content | August 20, 2025 |
| 124927 | macOS Sequoia 15.6.1 - Apple Security Content | August 20, 2025 |
| 124928 | macOS Sonoma 14.7.8 - Apple Security Content | August 20, 2025 |
| 124149 | macOS Sequoia 15.6 - Apple Security Content | July 29, 2025 |
| 124150 | macOS Sonoma 14.7.7 - Apple Security Content | July 29, 2025 |
| 124151 | macOS Ventura 13.7.7 - Apple Security Content | July 29, 2025 |
| 122718 | macOS Ventura 13.7.6 - Apple Security Content | May 12, 2025 |
| 122716 | macOS Sequoia 15.5 - Apple Security Content | May 12, 2025 |
| 122717 | macOS Sonoma 14.7.6 - Apple Security Content | May 12, 2025 |
| 122400 | macOS Sequoia 15.4.1 - Apple Security Content | April 16, 2025 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.7% | April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 1.0% | April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 0.3% | April 4, 2022 |
| Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 0.1% | November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 77.6% | November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end-of-life and end-of-support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - | Active |
| 15 | - | Active |
| 14 | - | Active |
| 13 | September 15, 2025 | EOL. Apple macOS 13 became EOL in 2025. |
| 12 | September 16, 2024 | EOL. Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 | EOL. Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 | EOL. Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 | EOL. Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 | EOL. Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 | EOL. Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 | EOL. Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 | EOL. Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 | EOL. Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 | EOL. Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 | EOL. Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 | EOL. Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 | EOL. Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 | EOL. Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 | EOL. Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 | EOL. Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2025 there have been 498 vulnerabilities in Apple macOS with an average score of 6.2 out of ten. Last year, in 2024, macOS had 530 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in macOS in 2025 could surpass last year's number. The average CVE base score of the vulnerabilities in 2025 is also greater, by 0.06.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 498 | 6.20 |
| 2024 | 530 | 6.13 |
| 2023 | 424 | 6.59 |
| 2022 | 380 | 7.12 |
| 2021 | 500 | 7.06 |
| 2020 | 264 | 7.10 |
| 2019 | 305 | 7.40 |
| 2018 | 89 | 7.26 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
macOS Ventura 13.7.7: Logic flaw allows sensitive data access
CVE-2025-43313
5.5 - Medium
- October 15, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
Authorization
Apple OS double free before Sequoia 15.6 / iOS 18.6
CVE-2025-43282
5.5 - Medium
- October 15, 2025
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
Double-free
macOS Sequoia 15.x Privilege Elevation via Improper Auth (CVE-2025-43281)
CVE-2025-43281
8.4 - High
- October 15, 2025
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
Authentication
Apple macOS Gatekeeper Bypass in Tahoe via Logic Issue
CVE-2025-43296
5.5 - Medium
- October 09, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
Improper Check or Handling of Exceptional Conditions
Apple macOS/OOB font write fixed in Sonoma 14.8.1
CVE-2025-43400
6.3 - Medium
- September 29, 2025
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
Memory Corruption
macOS file quarantine bypass before 15.7/14.8/26, possible sandbox breakout
CVE-2025-43332
5.2 - Medium
- September 15, 2025
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
Authorization
macOS Root Privilege Escalation via Path Validation 15.7/14.8/26
CVE-2025-43298
7.8 - High
- September 15, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Improper Resolution of Path Equivalence
OOB Write in AVFoundation (fixed in iOS 18.7, macOS 15.7)
CVE-2025-43349
2.8 - Low
- September 15, 2025
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.
Memory Corruption
MacOS Data Access Vulnerability Fixed by Entitlement Sequoia 15.7, Sonoma 14.8
CVE-2025-43308
3.3 - Low
- September 15, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
Authorization
Apple macOS Tahoe 26 Permissions Issue Allows App Sensitive Data
CVE-2025-43328
3.3 - Low
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Authorization
macOS Tahoe 26 ENV Variable Validation Flaw Allows Sensitive Data Access
CVE-2025-43294
3.3 - Low
- September 15, 2025
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Authorization
macOS Tahoe Symlink Access – Privileged Data Exposure
CVE-2025-43369
5.5 - Medium
- September 15, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
Authorization
bufOverflow in macOS (Sequoia<15.7,Sonoma<14.8,Tahoe<26) sys crash
CVE-2025-43312
5.5 - Medium
- September 15, 2025
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination.
Classic Buffer Overflow
macOS Heap Corruption (CVE-2025-43353) Fixed in Sequoia 15.7, Sonoma 14.8
CVE-2025-43353
5.5 - Medium
- September 15, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
Memory Corruption
macOS Root Priv Escal via Race Cond (CVE-2025-43304)
CVE-2025-43304
7 - High
- September 15, 2025
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Race Condition
macOS 15.7 Access Bypass – malicious app can read private data
CVE-2025-43305
5.5 - Medium
- September 15, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access private information.
Authorization
Apple OS OOB Access Causing System Termination
CVE-2025-43344
3.3 - Low
- September 15, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause unexpected system termination.
Out-of-bounds Read
Directory Path Validation flaw in Apple macOS/iOS (Sonoma 14.8/Sequoia 15.7)
CVE-2025-43190
5.5 - Medium
- September 15, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Directory traversal
Apple Safari Use-After-Free Crash in v26
CVE-2025-43368
4.3 - Medium
- September 15, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple macOS DoS Vulnerability (Pre-15.7 & Pre-14.8)
CVE-2025-43295
5.5 - Medium
- September 15, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.
Resource Exhaustion
Apple OS sandbox escape via permission flaw
CVE-2025-43329
8.8 - High
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.
AuthZ
macOS Tahoe OOB Read Causing Unexpected Termination
CVE-2025-43283
3.3 - Low
- September 15, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
Out-of-bounds Read
macOS Tahoe: Permissions flaw allows root privilege escalation
CVE-2025-43333
7.8 - High
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.
Improper Privilege Management
macOS & iOS Sequoia, Sonoma, Tahoe: Denial-of-Service via Validation
CVE-2025-43299
5.5 - Medium
- September 15, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.
Improper Input Validation
Apple macOS Tahoe Sandbox Access Issue CVE-2025-43325
CVE-2025-43325
5.5 - Medium
- September 15, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Authorization
Apple OS Media File Parser Input Validation Flaw Causing Crash/Memory Corruption
CVE-2025-43372
6.5 - Medium
- September 15, 2025
The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Improper Input Validation
macOS Race Condition Allows Data Leak, Fixed in 15.7 / 26
CVE-2025-43292
5.5 - Medium
- September 15, 2025
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to access sensitive user data.
Race Condition
Apple macOS Path Validation Flaw CVE-2025-43314 – Fixed in 15.7, 14.8, 26
CVE-2025-43314
5.5 - Medium
- September 15, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
Directory traversal
Apple Safari CVE-2025-43343 memory handling crash
CVE-2025-43343
9.8 - Critical
- September 15, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS Type Confusion CVE-2025-43355 Mitigated in macOS 14.8 and Later
CVE-2025-43355
5.5 - Medium
- September 15, 2025
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service.
Object Type Confusion
Apple OS OOB write fixed tvOS 26, macOS 14.8/15.7/26, iOS 18.7/26
CVE-2025-43302
5.5 - Medium
- September 15, 2025
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause unexpected system termination.
Memory Corruption
macOS FaceTime Calls Bypass Lock State
CVE-2025-31271
7.5 - High
- September 15, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen.
Authentication
macOS Tahoe 26 root-app info leakage via entitlement
CVE-2025-43318
6.2 - Medium
- September 15, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information.
AuthZ
Apple OSes Unintended UDP Bind to All Interfaces - Fixed in v26
CVE-2025-43359
9.8 - Critical
- September 15, 2025
A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.
Always-Incorrect Control Flow Implementation
Apple macOS Permission Bypass via Shortcut – Sequoia15.7 Fix
CVE-2025-43358
8.8 - High
- September 15, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7, macOS Tahoe 26, iOS 26 and iPadOS 26. A shortcut may be able to bypass sandbox restrictions.
AuthZ
App Access to Protected User Data in macOS < Sequoia 15.7 (Removed Code)
CVE-2025-43319
5.5 - Medium
- September 15, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Authorization
macOS Tahoe 26 Permissions Flaw Allows App Access to Protected Data
CVE-2025-31270
5.5 - Medium
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
Authorization
macOS Sonoma CVE-2025-43231: Logic Issue Potential App Data Exposure (pre-14.8)
CVE-2025-43231
5.5 - Medium
- September 15, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
AuthZ
Apple iOS Data Redaction Logging Flaw CVE-2025-43303
CVE-2025-43303
5.5 - Medium
- September 15, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
Apple OS Logging Redaction Flaw Gaps Data Access for Apps
CVE-2025-43354
5.5 - Medium
- September 15, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
Apple Safari process crash via malicious web content (fixed in 26)
CVE-2025-43342
9.8 - Critical
- September 15, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Apple macOS Tahoe 26: Entitlement Bypass Exposes Sensitive Data
CVE-2025-43207
5.5 - Medium
- September 15, 2025
This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
Authorization
Apple macOS Data Access CVE-2025-43315 (before Sequoia 15.7)
CVE-2025-43315
5.5 - Medium
- September 15, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access user-sensitive data.
Authorization
Apple macOS 15.7 Input Validation Flaw Exposes User Data
CVE-2025-43293
5.5 - Medium
- September 15, 2025
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
Improper Input Validation
macOS Permission Bypass Before 15.7/14.8/26
CVE-2025-43285
5.5 - Medium
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Authorization
Apple OS App Fingerprinting via Sensitive Info Leakage
CVE-2025-43357
5.5 - Medium
- September 15, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user.
Privacy violation
macOS Tahoe Sandbox Escape Vulnerability (CVE-2025-43204)
CVE-2025-43204
7.8 - High
- September 15, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
Authorization
macOS permission bug pre-14.8/26 allows root escalation
CVE-2025-43341
7.8 - High
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
AuthZ
Permission Escalation via Root Privileges in macOS & visionOS (CVE-2025-43316)
CVE-2025-43316
7.8 - High
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges.
AuthZ
macOS before 14.8/Tahoe 26 Permissions Issue Allows App to Read Protected Data
CVE-2025-31269
5.5 - Medium
- September 15, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Authorization