This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2011-06-24
Product Mac Os X Last view 2021-09-08
Version 10.8.5 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:mac_os_x

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2021-09-08 CVE-2021-30805

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.

8.8 2021-09-08 CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

7.8 2021-09-08 CVE-2021-30790

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

7.8 2021-09-08 CVE-2021-30789

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

7.1 2021-09-08 CVE-2021-30788

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

7.8 2021-09-08 CVE-2021-30787

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory.

7.8 2021-09-08 CVE-2021-30785

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.

6.5 2021-09-08 CVE-2021-30783

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions.

5.5 2021-09-08 CVE-2021-30782

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files.

7.8 2021-09-08 CVE-2021-30781

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

7.8 2021-09-08 CVE-2021-30780

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges.

7.8 2021-09-08 CVE-2021-30777

An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

5.5 2021-09-08 CVE-2021-30776

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination.

7.8 2021-09-08 CVE-2021-30775

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.

5.5 2021-09-08 CVE-2021-30768

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.

7.8 2021-09-08 CVE-2021-30766

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.

7.8 2021-09-08 CVE-2021-30739

A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation.

5.5 2021-09-08 CVE-2021-30738

A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization.

8.8 2021-09-08 CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.

7.8 2021-09-08 CVE-2021-30735

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

5.5 2021-09-08 CVE-2021-30733

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

5.5 2021-09-08 CVE-2021-30731

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices.

7.8 2021-09-08 CVE-2021-30728

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2021-09-08 CVE-2021-30726

A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

7.8 2021-09-08 CVE-2021-30725

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
31% (546) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (201) CWE-20 Improper Input Validation
10% (190) CWE-787 Out-of-bounds Write
9% (156) CWE-125 Out-of-bounds Read
8% (147) CWE-200 Information Exposure
4% (72) CWE-264 Permissions, Privileges, and Access Controls
2% (44) CWE-416 Use After Free
2% (37) CWE-362 Race Condition
1% (27) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (22) CWE-310 Cryptographic Issues
1% (21) CWE-476 NULL Pointer Dereference
1% (19) CWE-284 Access Control (Authorization) Issues
1% (19) CWE-254 Security Features
0% (17) CWE-189 Numeric Errors
0% (14) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (13) CWE-665 Improper Initialization
0% (13) CWE-190 Integer Overflow or Wraparound
0% (12) CWE-399 Resource Management Errors
0% (12) CWE-287 Improper Authentication
0% (11) CWE-269 Improper Privilege Management
0% (11) CWE-19 Data Handling
0% (10) CWE-17 Code
0% (8) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (8) CWE-295 Certificate Issues
0% (8) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

SAINT Exploits

Description Link
Safari Script Editor AppleScript execution More info here
OS X rootpipe privilege elevation More info here
Mac OS X rsh Environment Variables Privilege Elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
74382 GNU troff contrib/pdfmark/pdfroff.sh Ghostscript Launch Arbitrary File Manipu...
73111 GNU Troff pdfroff Temporary File Symlink Arbitrary File Overwrite

ExploitDB Exploits

id Description
35427 tnftp - clientside BSD exploit
31875 Python socket.recvfrom_into() - Remote Buffer Overflow
30395 PHP openssl_x509_parse() - Memory Corruption Vulnerability
29168 Apple Remote Desktop 3.7 - PoC
27944 Mac OS X Sudo Password Bypass

OpenVAS Exploits

id Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl
2012-11-16 Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
File : nvt/gb_VMSA-2012-0016.nasl
2012-10-19 Name : Ubuntu Update for python2.5 USN-1613-1
File : nvt/gb_ubuntu_USN_1613_1.nasl
2012-10-19 Name : Ubuntu Update for python2.4 USN-1613-2
File : nvt/gb_ubuntu_USN_1613_2.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-06 (expat)
File : nvt/glsa_201209_06.nasl
2012-09-11 Name : Ubuntu Update for xmlrpc-c USN-1527-2
File : nvt/gb_ubuntu_USN_1527_2.nasl
2012-08-30 Name : Fedora Update for groff FEDORA-2012-8577
File : nvt/gb_fedora_2012_8577_groff_fc17.nasl
2012-08-14 Name : Ubuntu Update for expat USN-1527-1
File : nvt/gb_ubuntu_USN_1527_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2525-1 (expat)
File : nvt/deb_2525_1.nasl
2012-08-03 Name : Mandriva Update for expat MDVSA-2012:041 (expat)
File : nvt/gb_mandriva_MDVSA_2012_041.nasl
2012-07-30 Name : CentOS Update for expat CESA-2012:0731 centos5
File : nvt/gb_CESA-2012_0731_expat_centos5.nasl
2012-07-30 Name : CentOS Update for expat CESA-2012:0731 centos6
File : nvt/gb_CESA-2012_0731_expat_centos6.nasl
2012-06-15 Name : RedHat Update for expat RHSA-2012:0731-01
File : nvt/gb_RHSA-2012_0731-01_expat.nasl
2012-06-08 Name : Fedora Update for groff FEDORA-2012-8590
File : nvt/gb_fedora_2012_8590_groff_fc15.nasl
2012-06-08 Name : Fedora Update for groff FEDORA-2012-8596
File : nvt/gb_fedora_2012_8596_groff_fc16.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2015-B-0105 Multiple Vulnerabilities in Apple QuickTime
Severity: Category II - VMSKEY: V0061349
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0012 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0058517
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2014-A-0091 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0052905
2014-B-0048 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0050015
2014-A-0059 Apple Mac OS X Security Update 2014-002
Severity: Category I - VMSKEY: V0049741
2014-B-0024 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0046157
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-02-25 Apple Safari user assisted applescript code execution attempt
RuleID : 52622 - Type : BROWSER-WEBKIT - Revision : 1
2020-02-25 Apple Safari user assisted applescript code execution attempt
RuleID : 52621 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1
2018-08-16 PHP phar extension remote code execution attempt
RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2
2018-08-16 Apple Quicktime malformed FPX file memory corruption attempt
RuleID : 47174 - Type : FILE-IMAGE - Revision : 1
2018-08-16 Apple Quicktime malformed FPX file memory corruption attempt
RuleID : 47173 - Type : FILE-IMAGE - Revision : 1
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47048 - Type : FILE-OTHER - Revision : 1
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47047 - Type : FILE-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46991 - Type : OS-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46990 - Type : OS-OTHER - Revision : 1
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46908 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46907 - Type : INDICATOR-COMPROMISE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bdc5bfaedc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17403481.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO