Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2011-06-24 |
| Product | Mac Os X | Last view | 2022-05-26 |
| Version | 10.9.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2022-05-26 | CVE-2022-26766 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
| 7.8 | 2022-05-26 | CVE-2022-26763 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26761 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26756 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 6.3 | 2022-05-26 | CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
| 7.8 | 2022-05-26 | CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 8.8 | 2022-05-26 | CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.5 | 2022-05-26 | CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
| 5.5 | 2022-05-26 | CVE-2022-26728 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. |
| 5.5 | 2022-05-26 | CVE-2022-26727 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. |
| 6.5 | 2022-05-26 | CVE-2022-26726 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. |
| 7.8 | 2022-05-26 | CVE-2022-26722 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26721 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26720 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26715 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26714 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.1 | 2022-05-26 | CVE-2022-26698 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 7.1 | 2022-05-26 | CVE-2022-26697 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 6.7 | 2022-05-26 | CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
| 4.4 | 2022-05-26 | CVE-2022-26688 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
| 5.5 | 2022-05-26 | CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (550) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (214) | CWE-787 | Out-of-bounds Write |
| 11% (202) | CWE-20 | Improper Input Validation |
| 9% (175) | CWE-125 | Out-of-bounds Read |
| 8% (149) | CWE-200 | Information Exposure |
| 3% (65) | CWE-264 | Permissions, Privileges, and Access Controls |
| 2% (47) | CWE-416 | Use After Free |
| 2% (43) | CWE-362 | Race Condition |
| 2% (37) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (22) | CWE-476 | NULL Pointer Dereference |
| 1% (19) | CWE-284 | Access Control (Authorization) Issues |
| 0% (18) | CWE-254 | Security Features |
| 0% (17) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (16) | CWE-665 | Improper Initialization |
| 0% (16) | CWE-310 | Cryptographic Issues |
| 0% (15) | CWE-190 | Integer Overflow or Wraparound |
| 0% (15) | CWE-189 | Numeric Errors |
| 0% (13) | CWE-269 | Improper Privilege Management |
| 0% (11) | CWE-399 | Resource Management Errors |
| 0% (11) | CWE-287 | Improper Authentication |
| 0% (11) | CWE-19 | Data Handling |
| 0% (10) | CWE-17 | Code |
| 0% (9) | CWE-295 | Certificate Issues |
| 0% (8) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
SAINT Exploits
| Description | Link |
|---|---|
| Safari Script Editor AppleScript execution | More info here |
| OS X rootpipe privilege elevation | More info here |
| Mac OS X rsh Environment Variables Privilege Elevation | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74382 | GNU troff contrib/pdfmark/pdfroff.sh Ghostscript Launch Arbitrary File Manipu... |
| 73111 | GNU Troff pdfroff Temporary File Symlink Arbitrary File Overwrite |
ExploitDB Exploits
| id | Description |
|---|---|
| 31875 | Python socket.recvfrom_into() - Remote Buffer Overflow |
| 30395 | PHP openssl_x509_parse() - Memory Corruption Vulnerability |
| 27944 | Mac OS X Sudo Password Bypass |
OpenVAS Exploits
| id | Description |
|---|---|
| 2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
| 2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
| 2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
| 2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
| 2012-09-11 | Name : Ubuntu Update for xmlrpc-c USN-1527-2 File : nvt/gb_ubuntu_USN_1527_2.nasl |
| 2012-08-30 | Name : Fedora Update for groff FEDORA-2012-8577 File : nvt/gb_fedora_2012_8577_groff_fc17.nasl |
| 2012-08-14 | Name : Ubuntu Update for expat USN-1527-1 File : nvt/gb_ubuntu_USN_1527_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2525-1 (expat) File : nvt/deb_2525_1.nasl |
| 2012-08-03 | Name : Mandriva Update for expat MDVSA-2012:041 (expat) File : nvt/gb_mandriva_MDVSA_2012_041.nasl |
| 2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos5 File : nvt/gb_CESA-2012_0731_expat_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos6 File : nvt/gb_CESA-2012_0731_expat_centos6.nasl |
| 2012-06-15 | Name : RedHat Update for expat RHSA-2012:0731-01 File : nvt/gb_RHSA-2012_0731-01_expat.nasl |
| 2012-06-08 | Name : Fedora Update for groff FEDORA-2012-8590 File : nvt/gb_fedora_2012_8590_groff_fc15.nasl |
| 2012-06-08 | Name : Fedora Update for groff FEDORA-2012-8596 File : nvt/gb_fedora_2012_8596_groff_fc16.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-B-0105 | Multiple Vulnerabilities in Apple QuickTime Severity: Category II - VMSKEY: V0061349 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
| 2015-B-0012 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0058517 |
| 2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
| 2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
| 2014-A-0114 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0053307 |
| 2014-A-0091 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0052905 |
| 2014-B-0048 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0050015 |
| 2014-A-0059 | Apple Mac OS X Security Update 2014-002 Severity: Category I - VMSKEY: V0049741 |
| 2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
| 2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity: Category I - VMSKEY: V0044547 |
| 2014-B-0017 | Apple iOS Security Bypass Vulnerability Severity: Category I - VMSKEY: V0044529 |
| 2014-B-0011 | Multiple Vulnerabilities in NVIDIA Graphics Driver Severity: Category I - VMSKEY: V0043922 |
| 2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity: Category I - VMSKEY: V0040373 |
| 2012-A-0189 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0035032 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54589 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54588 - Type : FILE-OTHER - Revision : 1 |
| 2020-02-25 | Apple Safari user assisted applescript code execution attempt RuleID : 52622 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-02-25 | Apple Safari user assisted applescript code execution attempt RuleID : 52621 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2018-08-16 | PHP phar extension remote code execution attempt RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2 |
| 2018-08-16 | Apple Quicktime malformed FPX file memory corruption attempt RuleID : 47174 - Type : FILE-IMAGE - Revision : 1 |
| 2018-08-16 | Apple Quicktime malformed FPX file memory corruption attempt RuleID : 47173 - Type : FILE-IMAGE - Revision : 1 |
| 2018-07-31 | FreeBSD bspatch utility remote code execution attempt RuleID : 47048 - Type : FILE-OTHER - Revision : 1 |
| 2018-07-31 | FreeBSD bspatch utility remote code execution attempt RuleID : 47047 - Type : FILE-OTHER - Revision : 1 |
| 2018-07-19 | Apple macOS and iOS fgetattrlist kernel heap overflow attempt RuleID : 46991 - Type : OS-OTHER - Revision : 1 |
| 2018-07-19 | Apple macOS and iOS fgetattrlist kernel heap overflow attempt RuleID : 46990 - Type : OS-OTHER - Revision : 1 |
| 2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
| 2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bdc5bfaedc.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
| 2018-12-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO |
| 2018-11-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO |
| 2018-11-06 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
