Apple Macos Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single items and item collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Prioritizing items becomes possible.

Last Year

The analysis of the timeline helps to identify the required approach and handling of single items and item collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Prioritizing items becomes possible.

Version

10.12.0357
10.13.0343
10.13.1343
10.12.1341
10.10280

Grouping all affected versions of a specific product helps to determine existing issues. This makes it possible to determine vendors and products which need attention when it comes to remediations.

Remediation

Official Fix3214
Temporary Fix0
Workaround0
Unavailable0
Not Defined1

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High71
Functional0
Proof-of-Concept179
Unproven0
Not Defined2965

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical51
Local1565
Adjacent176
Network1423

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High39
Low1647
None1529

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required1091
None2124

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

Last Year

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤330
≤4205
≤5482
≤6684
≤7739
≤8706
≤9217
≤10152

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤21
≤333
≤4204
≤5508
≤6901
≤7552
≤8736
≤9136
≤10144

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤21
≤353
≤4470
≤5381
≤6777
≤7700
≤8485
≤9185
≤10163

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤315
≤485
≤561
≤6597
≤7169
≤8829
≤9211
≤10296

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤33
≤411
≤58
≤688
≤749
≤8115
≤949
≤1016

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤101

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k30
<2k34
<5k590
<10k1162
<25k1347
<50k51
<100k1
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k2522
<2k362
<5k321
<10k9
<25k1
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

Last Year

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Versions (172): 1.0, 2.0, 2.1, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11, 10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.8.5, 10.9, 10.9.5, 10.10, 10.10.1, 10.10.2, 10.10.3, 10.10.3 Beta 1, 10.11, 10.11.1, 10.11.2, 10.11.3, 10.11.4, 10.11.5, 10.11.6, 10.12, 10.12.1, 10.12.2, 10.12.3, 10.12.4, 10.12.5, 10.12.6, 10.13, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13.5 2018-003, 10.13.6, 10.14, 10.14.1, 10.14.2, 10.14.3, 10.14.4, 10.14.5, 10.14.6, 10.15, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.5, 10.15.6, 10.15.7, 11, 11.0, 11.0.1, 11.1, 11.2, 11.2.1, 11.2.2, 11.2.3, 11.3, 11.3.1, 11.4, 11.5, 11.5.1, 11.5.2, 11.6, 11.6.1, 11.6.2, 11.6.3, 11.6.4, 11.6.5, 11.6.6, 11.7, 11.7.1, 11.7.2, 11.7.3, 11.7.4, 11.7.5, 11.7.6, 11.7.7, 11.7.8, 11.7.9, 12.0, 12.0.1, 12.1, 12.2, 12.2.1, 12.3, 12.3.1, 12.4, 12.5, 12.5.1, 12.6, 12.6.1, 12.6.2, 12.6.3, 12.6.4, 12.6.5, 12.6.6, 12.6.7, 12.6.8, 12.7, 12.7.1, 12.7.2, 12.7.3, 12.7.4, 12.7.5, 12.7.6, 13, 13.0, 13.1, 13.2, 13.2.1, 13.3, 13.3.1, 13.4, 13.4.1, 13.5, 13.6, 13.6.1, 13.6.2, 13.6.3, 13.6.4, 13.6.5, 13.6.6, 13.6.7, 13.6.8, 13.7, 14, 14.0, 14.1, 14.2, 14.3, 14.4, 14.5, 14.6, 14.7, 15.0, 15.1, 15.2, 16.0, 16.1, 16.2, 16.3, 16.4, 16.5, 16.6, 17.0, 17.1, 17.2, 17.3, 17.4, 18.0, 18.1

Link to Product Website: https://www.apple.com/

Software Type: Operating System

PublishedBaseTempVulnerability0dayTodayExpRemCTICVE
01/30/20255.25.1Apple macOS authorization$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24099
01/28/20255.35.1Apple macOS memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2024-54523
01/28/20254.44.2Apple macOS path traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2024-54520
01/28/20257.06.9Apple macOS memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2024-54517
01/28/20256.56.4Apple macOS memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2024-54522
01/28/20255.35.1Apple macOS memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2024-54518
01/28/20254.03.9Apple macOS permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2024-54516
01/28/20255.35.1Apple macOS Privacy Preferences access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24174
01/28/20255.35.1Apple macOS access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.11CVE-2025-24135
01/28/20254.94.8Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24112
01/28/20255.35.1Apple macOS access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.12CVE-2025-24108
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2025-24101
01/28/20255.45.3Apple macOS state issue$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2025-24096
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24092
01/28/20255.45.3Apple macOS permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24087
01/28/20254.44.3Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.23CVE-2024-54549
01/28/20255.35.1Apple macOS access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.08CVE-2024-54547
01/28/20254.84.7Apple macOS NVRAM Variable access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.28CVE-2024-54536
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2024-54519
01/28/20256.36.2Apple macOS Kernel Memory memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.19CVE-2025-24152
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.21CVE-2025-24134
01/28/20254.84.7Apple macOS state issue$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2025-24140
01/28/20253.33.2Apple macOS access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.13CVE-2025-24130
01/28/20254.34.1Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2025-24124
01/28/20255.35.1Apple macOS permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24176
01/28/20257.17.0Apple macOS Browser Extension improper authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24169
01/28/20253.33.2Apple macOS Phone Number information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2025-24145
01/28/20254.94.8Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24161
01/28/20254.34.1Apple macOS denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24160
01/28/20253.33.2Apple macOS downgrade$0-$5k$0-$5kNot DefinedOfficial Fix0.11CVE-2025-24122
01/28/20254.34.1Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24163
01/28/20257.37.2Apple macOS integer overflow$5k-$25k$0-$5kNot DefinedOfficial Fix0.32CVE-2025-24156
01/28/20254.34.1Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2025-24123
01/28/20254.34.1Apple macOS File denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24139
01/28/20254.34.1Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.13CVE-2025-24127
01/28/20254.94.8Apple macOS symlink$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24136
01/28/20255.04.8Apple macOS memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24126
01/28/20253.33.2Apple macOS access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.15CVE-2025-24121
01/28/20253.53.4Apple macOS denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2025-24120
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24117
01/28/20255.35.1Apple macOS Restrictions access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24116
01/28/20255.35.1Apple macOS path traversal$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24115
01/28/20255.35.1Apple macOS Restrictions permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2025-24114
01/28/20255.35.1Apple macOS downgrade$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2025-24109
01/28/20253.33.2Apple macOS Contact information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24100
01/28/20254.34.1Apple macOS File Parser denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.10CVE-2025-24106
01/28/20255.35.1Apple macOS symlink$5k-$25k$0-$5kNot DefinedOfficial Fix0.12CVE-2025-24103
01/28/20253.33.2Apple macOS information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2025-24102
01/28/20253.63.5Apple macOS race condition$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2025-24094
01/28/20255.35.1Apple macOS Removable Volume permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2025-24093

3165 more entries are not shown

more entries by Apple

Do you need the next level of professionalism?

Upgrade your account now!