CVE-2026-32323 Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is...
Mozilla Thunderbird < 140.10
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-34 advisory. - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox...
Mozilla Thunderbird < 140.9.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-29 advisory. - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and...
CVE-2026-28727
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 macOS before build 41186, Acronis Cyber Protect Cloud Agent macOS before build 41124, Acronis True Image macOS before build 42902...
Elevation of Privilege Vulnerability in Multiple Apple Products (CNVD-2026-14476)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. An elevation of privilege vulnerability exists in several Apple products, which can be exploited by an...
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2024-46062
Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...
PT-2025-48949
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...
PT-2025-37816
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7; macOS versions prior to 14.8; macOS versions prior to 26. Description: A configuration issue was addressed with additional restrictions. An app may be able to trick a user into copying sensitive data to the...
PT-2025-35539
Name of the Vulnerable Software and Affected Versions: alaneuler batteryKid versions 2.0 through 2.1. Description: A weakness has been identified in alaneuler batteryKid on macOS. The affected element is an unknown function within the file PrivilegeHelper/PrivilegeHelper.swift of the NSXPCListener...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS, which stems from a type confusion that could lead an attacker to read kernel memory...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15.3, which stems from an application that may be able to bypass privacy preferences...
PT-2024-19784 · Apple · Macos Sonoma +5
Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 17.4; Apple iOS versions prior to 17.4; Apple iPadOS versions prior to 17.4; Apple macOS Sonoma versions prior to 14.4; Apple watchOS versions prior to 10.4. Description: A logic issue was addressed with improved...
PT-2023-4199 · Apple +8 · Macos Ventura +14
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.6; iPadOS versions prior to 16.6; tvOS versions prior to 16.6; macOS Ventura versions prior to 13.5; Safari versions prior to 16.6; watchOS versions prior to 9.6. Description: The issue is related to the WebKitGTK and WPE...
CVE-2022-42860
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Ventura prior to version 13.2, which stems from a boundary-checking issue, where an application may be able to execute arbitrary code using kernel privileges...
PT-2022-26596 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 16.1; Apple iOS versions prior to 16.1; Apple iPadOS versions prior to 16; Apple macOS versions prior to Ventura 13; Apple watchOS versions prior to 9.1. Description: An out-of-bounds write issue was addressed with...
CactusVPN root elevation of privilege vulnerability
CactusVPN for macOS is a macOS-based VPN software from CactusVPN Moldova for anonymous access to the Internet. The privileged helper tool is one of its helper tools. A privileged helper tool vulnerability exists in CactusVPN 6.0 and earlier versions for macOS-based platforms. An attacker can exploit...
CVE-2017-13855
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted...
HandBrake for Mac Compromised with Proton Spyware
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...