Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8828 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
CVE-2014-8827 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the sc...Show more LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.Show less
CVE-2014-8826 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
CVE-2014-8825 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via un...Show more The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.Show less
CVE-2014-8824 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-8823 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access an...Show more The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.Show less
CVE-2014-8822 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method...Show more IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.Show less
CVE-2014-8821 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820.
CVE-2014-8820 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.
CVE-2014-8819 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.
CVE-2014-8817 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a cr...Show more coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.Show less
CVE-2014-8816 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.
CVE-2014-4499 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.
CVE-2014-4498 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunders...Show more The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.Show less
CVE-2014-4497 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel me...Show more Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.Show less
CVE-2014-4495 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to...Show more The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.Show less
CVE-2014-4492 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd...Show more libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.Show less
CVE-2014-4491 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it e...Show more The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.Show less
CVE-2014-4489 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a d...Show more IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.Show less
CVE-2014-4488 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via...Show more IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.Show less

Previous 1...105106107...161 Next