Macos Security Vulnerabilities - CVSS Score 5 - 6

CVE-1999-1412

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.

CVE-2000-0041

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

CVE-2017-13909

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

CVE-2017-13910

An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.

CVE-2018-4153

An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4178

A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.

CVE-2018-4283

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.

CVE-2018-4289

An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.

CVE-2018-4293

A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4304

A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4308

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4321

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.

CVE-2018-4324

A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4333

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CVE-2018-4338

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4342

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.

CVE-2018-4346

A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4348

A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4351

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4355

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CVE-2018-4390

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing...

CVE-2018-4391

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing...

CVE-2018-4395

This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4396

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4400

A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.

CVE-2018-4403

This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.

CVE-2018-4413

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

CVE-2018-4417

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4418

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

CVE-2018-4431

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the ...

CVE-2018-4448

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-...

CVE-2018-4462

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.

CVE-2018-4468

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files.

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

CVE-2019-6207

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-6208

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVE-2019-6209

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.

CVE-2019-6220

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory.

CVE-2019-6231

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.

CVE-2019-7293

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.

CVE-2019-8504

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.

CVE-2019-8507

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-8519

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.

CVE-2019-8520

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.

CVE-2019-8521

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.

CVE-2019-8522

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

CVE-2019-8530

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.