Apple macOS Macintosh Operating System
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 125634 | macOS Tahoe 26.1 - Apple Security Content | November 3, 2025 |
| 125636 | macOS Sonoma 14.8.2 - Apple Security Content | November 3, 2025 |
| 125635 | macOS Sequoia 15.7.2 - Apple Security Content | November 3, 2025 |
| 125330 | macOS Sonoma 14.8.1 - Apple Security Content | September 29, 2025 |
| 125329 | macOS Sequoia 15.7.1 - Apple Security Content | September 29, 2025 |
| 125328 | macOS Tahoe 26.0.1 - Apple Security Content | September 29, 2025 |
| 125112 | macOS Sonoma 14.8 - Apple Security Content | September 15, 2025 |
| 125110 | macOS Tahoe 26 - Apple Security Content | September 15, 2025 |
| 125111 | macOS Sequoia 15.7 - Apple Security Content | September 15, 2025 |
| 124927 | macOS Sequoia 15.6.1 - Apple Security Content | August 20, 2025 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.7% | April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 1.0% | April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 0.3% | April 4, 2022 |
| Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 0.1% | November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 75.8% | November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end-of-life and end-of-support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - | Active |
| 15 | - | Active |
| 14 | - | Active |
| 13 | September 15, 2025 | EOL. Apple macOS 13 became EOL in 2025. |
| 12 | September 16, 2024 | EOL. Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 | EOL. Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 | EOL. Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 | EOL. Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 | EOL. Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 | EOL. Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 | EOL. Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 | EOL. Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 | EOL. Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 | EOL. Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 | EOL. Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 | EOL. Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 | EOL. Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 | EOL. Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 | EOL. Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 | EOL. Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2025 there have been 596 vulnerabilities in Apple macOS, with an average score of 6.7 out of ten. Last year, in 2024, macOS had 534 security vulnerabilities published. That is, 62 more vulnerabilities have already been reported in 2025 than in all of last year. The average CVE base score of the vulnerabilities in 2025 is also greater, by 0.32.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 596 | 6.70 |
| 2024 | 534 | 6.38 |
| 2023 | 424 | 6.74 |
| 2022 | 380 | 7.10 |
| 2021 | 500 | 7.05 |
| 2020 | 264 | 7.10 |
| 2019 | 305 | 7.40 |
| 2018 | 89 | 7.26 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
Use-After-Free in Safari <16.6 leading to memory corruption (CVE-2023-43000)
CVE-2023-43000
8.8 - High
- November 05, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.
Dangling pointer
macOS Kernel Memory Corruption via Memory Handling (fixed in 14.8.2/15.7.2)
CVE-2025-43373
7.5 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
Apple Safari 26.1: Web Content Crash Vulnerability
CVE-2025-43430
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
iOS/iPadOS 26.1 Data Redaction Logging Bug Exposes Sensitive User Data
CVE-2025-43426
5.5 - Medium
- November 04, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
macOS Sequoia 15.7.2 Downgrade Vulnerability Fixed
CVE-2025-43390
5.5 - Medium
- November 04, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Improper Verification of Cryptographic Signature
Apple OSs: watchOS 26.1/iOS 26.1/iPadOS 26.1/visionOS 26.1 Memory Leak/Kernel Corruption
CVE-2025-43447
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
Apple iOS 26.1: Privacy Preference Bypass via Sensitive Data Leak
CVE-2025-43502
7.5 - High
- November 04, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.
Authorization
Apple iOS OOB Access via Malicious Media (fixed 26.1)
CVE-2025-43386
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple OS Sensitive Data Access Vulnerability (CVE-2025-43345)
CVE-2025-43345
5.5 - Medium
- November 04, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.
Information Disclosure
Apple Safari 26.1 Address Bar Spoofing (CVE-2025-43493)
CVE-2025-43493
4.3 - Medium
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to address bar spoofing.
Authentication Bypass by Spoofing
Apple macOS Sequoia 15.7.2 Root Privilege Escalation via Permissions Bug
CVE-2025-43387
7.8 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. A malicious app may be able to gain root privileges.
AuthZ
macOS Sensitive Data Leak via Missing Entitlement Checks (14.8.2 / 15.7.2)
CVE-2025-43411
5.5 - Medium
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Information Disclosure
Apple macOS Symlink Validation Flaw Allows File System Modification (fixed v15.7.2)
CVE-2025-43446
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to modify protected parts of the file system.
insecure temporary file
Apple OS UI Spoofing (before 26.1)
CVE-2025-43503
4.3 - Medium
- November 04, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to user interface spoofing.
Authentication Bypass by Spoofing
Apple iOS/iPadOS/macOS Temp File Privacy Bug (Fixed in 26.1 / 14.8.2)
CVE-2025-43391
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Information Disclosure
Sandbox Escape in Apple OS via Entitlement Issue (pre-26.1)
CVE-2025-43407
7.8 - High
- November 04, 2025
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to break out of its sandbox.
Authorization
Apple Safari 26.1 unexpected crash via crafted web content
CVE-2025-43427
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Safari/iOS memory corruption via web content, fixed v26.1
CVE-2025-43431
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption.
macOS Gatekeeper bypass logic flaw before 14.8.2/15.7.2
CVE-2025-43348
5.5 - Medium
- November 04, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks.
Improper Input Validation
Race Condition Allowing Sandbox Escape in macOS Sonoma 14.8 and Sequoia 15.7
CVE-2025-43364
7.8 - High
- November 04, 2025
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.
Race Condition
macOS sandbox bypass logic flaw fixed in 14.8.2/15.7.2
CVE-2025-43396
5.5 - Medium
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data.
Authorization
Apple OS Symlink Validation Flaw Allows Data Access (pre-26.1)
CVE-2025-43379
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to access protected user data.
insecure temporary file
Safari UA-FREE Crash before 26.1 on iOS/iPadOS/watchOS, visionOS
CVE-2025-43457
6.5 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple Safari CVE-2025-43441: Mem Crash (<=26.0), Fixed 26.1
CVE-2025-43441
4.3 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS/iOS Media Parser OOB Issue (CVE-2025-43338)
CVE-2025-43338
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
XSS
macOS Out-of-Bounds Write in Input Parser (UBW) 14.8.2/15.7.2
CVE-2025-43380
5.5 - Medium
- November 04, 2025
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. Parsing a file may lead to an unexpected app termination.
Memory Corruption
macOS Symlink Validation flaw bypasses Privacy prefs (fixed in Sequoia 15.7)
CVE-2025-43288
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7. An app may be able to bypass Privacy preferences.
insecure temporary file
macOS OS: Logic flaw reading user data before 14.8.2 (Sonoma), 15.7.2 (Sequoia)
CVE-2025-43322
5.5 - Medium
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Authorization
macOS entitlement check bypass: app accesses sensitive data before 14.8.2
CVE-2025-43334
5.5 - Medium
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Authorization
Apple OS 26.1 App Enumeration Permission Escalation
CVE-2025-43436
7.5 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
Authentication Bypass Using an Alternate Path or Channel
macOS Sensitive Data Access Race Condition (before 14.8.2/15.7.2)
CVE-2025-43420
4.7 - Medium
- November 04, 2025
A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Race Condition
Apple OS Auth Issue Fixed in 26.1/15.7.2/14.8.2
CVE-2025-43498
5.5 - Medium
- November 04, 2025
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data.
Authorization
macOS Privacy: Log Data Redaction Flaw (Fixed: Sonoma14.8.2, Sequoia15.7.2)
CVE-2025-43477
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Authorization
macOS Sonoma/Sequoia Entitlement Check Flaw: App Access to Sensitive Data
CVE-2025-43499
5.5 - Medium
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access sensitive user data.
Authorization
macOS Sandbox Escalation False Permissions (Sonoma 14.8.2/Sequoia 15.7.2)
CVE-2025-43476
7.8 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to break out of its sandbox.
Authorization
Safari/iOS/iPadOS Array Allocation Sinking Crash pre-26.1
CVE-2025-43421
4.3 - Medium
- November 04, 2025
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Out-of-bounds Read
macOS pre-14.8.2/15.7.2 Sensitive Data Access Vulnerability
CVE-2025-43335
5.5 - Medium
- November 04, 2025
The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
Authorization
Apple visionOS/iOS Fingerprint Vulnerability via Entitlement Checks
CVE-2025-43323
8.1 - High
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user.
Information Disclosure
Safari Crash via Malformed Web Content Fixed in 26.1
CVE-2025-43440
6.5 - Medium
- November 04, 2025
This issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
XSS
macOS Perm error causing app-driven DoS, fixed 14.8.2/15.7.2
CVE-2025-43397
5.5 - Medium
- November 04, 2025
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause a denial-of-service.
AuthZ
macOS Sequoia 15.7.2 Improper Permissions, Fixed by Additional Restriction
CVE-2025-43378
5.5 - Medium
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Information Disclosure
DoS in macOS via Validation Bypass (pre 14.8.2/15.7.2)
CVE-2025-43401
7.5 - High
- November 04, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A remote attacker may be able to cause a denial-of-service.
Improper Input Validation
macOS 14/15 Permissions flaw before 14.8.2/15.7.2 may expose user data
CVE-2025-43479
5.5 - Medium
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Information Disclosure
Apple OS Remote Images Load Even When Setting Turned Off (Fixed 26.1/15.7.2)
CVE-2025-43496
7.5 - High
- November 04, 2025
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.
Privacy violation
Safari use-after-free crash on watchOS/iOS @26.1
CVE-2025-43438
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Cross-Origin Data Exfiltration in Safari 26.1 (CVE-2025-43480)
CVE-2025-43480
8.1 - High
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A malicious website may exfiltrate data cross-origin.
Permissive Cross-domain Policy with Untrusted Domains
Path Parsing Bug in Apple macOS Sonoma 14/Sequoia 15 Exposes Sensitive Data
CVE-2025-43382
5.5 - Medium
- November 04, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Directory traversal
macOS Shortcuts Permissions Issue Fix in 14.8.2/15.7.2
CVE-2025-43414
6.2 - Medium
- November 04, 2025
A permissions issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
Authorization
Apple Safari <26.1 Process Crash via Malicious Web Content
CVE-2025-43443
4.3 - Medium
- November 04, 2025
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Privacy Flaw: Screenshots of Embedded Views in Apple iOS/watchOS 26.1
CVE-2025-43455
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Information Disclosure