OS X vulnerabilities: known CVEs & security history
Apple · Actively exploited · 2000 tracked CVEs · 30 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all OS X release lines — 2000 in total, with 30 actively exploited in the wild. A CVE here doesn't mean your version is affected — check OS X's current status and the safe version to run.
Known OS X CVEs
Actively-exploited and most-severe first. Showing the top 80 of 2000. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2015-3043⚡ exploited | critical | 9.8 | 80% | 2015 |
| CVE-2015-0313⚡ exploited | critical | 9.8 | 96% | 2015 |
| CVE-2015-0311⚡ exploited | critical | 9.8 | 86% | 2015 |
| CVE-2014-7169⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2014-6271⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2014-0497⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2013-0625⚡ exploited | critical | 9.8 | 94% | 2013 |
| CVE-2012-1823⚡ exploited | critical | 9.8 | 100% | 2012 |
| CVE-2011-2462⚡ exploited | critical | 9.8 | 86% | 2011 |
| CVE-2014-8439⚡ exploited | high | 8.8 | 20% | 2014 |
| CVE-2014-0502⚡ exploited | high | 8.8 | 24% | 2014 |
| CVE-2014-0496⚡ exploited | high | 8.8 | 40% | 2014 |
| CVE-2013-0648⚡ exploited | high | 8.8 | 11% | 2013 |
| CVE-2013-0643⚡ exploited | high | 8.8 | 11% | 2013 |
| CVE-2011-0611⚡ exploited | high | 8.8 | 99% | 2011 |
| CVE-2009-3953⚡ exploited | high | 8.8 | 84% | 2010 |
| CVE-2012-0754⚡ exploited | high | 8.1 | 92% | 2012 |
| CVE-2015-1130⚡ exploited | high | 7.8 | 10% | 2015 |
| CVE-2015-0310⚡ exploited | high | 7.8 | 15% | 2015 |
| CVE-2014-9163⚡ exploited | high | 7.8 | 20% | 2014 |
| CVE-2014-4404⚡ exploited | high | 7.8 | 49% | 2014 |
| CVE-2013-0641⚡ exploited | high | 7.8 | 32% | 2013 |
| CVE-2013-0640⚡ exploited | high | 7.8 | 87% | 2013 |
| CVE-2012-1535⚡ exploited | high | 7.8 | 70% | 2012 |
| CVE-2011-0609⚡ exploited | high | 7.8 | 67% | 2011 |
| CVE-2010-1297⚡ exploited | high | 7.8 | 82% | 2010 |
| CVE-2009-4324⚡ exploited | high | 7.8 | 82% | 2009 |
| CVE-2013-0631⚡ exploited | high | 7.5 | 66% | 2013 |
| CVE-2013-0629⚡ exploited | high | 7.5 | 66% | 2013 |
| CVE-2012-0767⚡ exploited | medium | 6.1 | 7% | 2012 |
| CVE-2010-1378 | critical | 9.8 | 1% | 2010 |
| CVE-2010-2941 | critical | 9.8 | 6% | 2010 |
| CVE-2010-0211 | critical | 9.8 | 29% | 2010 |
| CVE-2010-1205 | critical | 9.8 | 43% | 2010 |
| CVE-2009-2422 | critical | 9.8 | 3% | 2009 |
| CVE-2008-0599 | critical | 9.8 | 11% | 2008 |
| CVE-2007-3798 | critical | 9.8 | 70% | 2007 |
| CVE-2005-1689 | critical | 9.8 | 11% | 2005 |
| CVE-2003-0466 | critical | 9.8 | 78% | 2003 |
| CVE-2002-1347 | critical | 9.8 | 7% | 2002 |
| CVE-2001-0766 | critical | 9.8 | 8% | 2001 |
| CVE-2015-3075 | high | 10 | 9% | 2015 |
| CVE-2015-3074 | high | 10 | 10% | 2015 |
| CVE-2015-3073 | high | 10 | 25% | 2015 |
| CVE-2015-3072 | high | 10 | 10% | 2015 |
| CVE-2015-3071 | high | 10 | 10% | 2015 |
| CVE-2015-3070 | high | 10 | 12% | 2015 |
| CVE-2015-3069 | high | 10 | 10% | 2015 |
| CVE-2015-3068 | high | 10 | 10% | 2015 |
| CVE-2015-3067 | high | 10 | 10% | 2015 |
| CVE-2015-3066 | high | 10 | 10% | 2015 |
| CVE-2015-3065 | high | 10 | 10% | 2015 |
| CVE-2015-3064 | high | 10 | 10% | 2015 |
| CVE-2015-3063 | high | 10 | 10% | 2015 |
| CVE-2015-3062 | high | 10 | 10% | 2015 |
| CVE-2015-3061 | high | 10 | 10% | 2015 |
| CVE-2015-3060 | high | 10 | 10% | 2015 |
| CVE-2015-3059 | high | 10 | 10% | 2015 |
| CVE-2015-3057 | high | 10 | 12% | 2015 |
| CVE-2015-3056 | high | 10 | 12% | 2015 |
| CVE-2015-3054 | high | 10 | 10% | 2015 |
| CVE-2015-3053 | high | 10 | 11% | 2015 |
| CVE-2015-3052 | high | 10 | 12% | 2015 |
| CVE-2015-3051 | high | 10 | 12% | 2015 |
| CVE-2015-3050 | high | 10 | 12% | 2015 |
| CVE-2015-3049 | high | 10 | 12% | 2015 |
| CVE-2015-3048 | high | 10 | 14% | 2015 |
| CVE-2015-3046 | high | 10 | 12% | 2015 |
| CVE-2014-9160 | high | 10 | 11% | 2015 |
| CVE-2015-3042 | high | 10 | 37% | 2015 |
| CVE-2015-3041 | high | 10 | 6% | 2015 |
| CVE-2015-3039 | high | 10 | 8% | 2015 |
| CVE-2015-3038 | high | 10 | 7% | 2015 |
| CVE-2015-0360 | high | 10 | 6% | 2015 |
| CVE-2015-0359 | high | 10 | 95% | 2015 |
| CVE-2015-0358 | high | 10 | 10% | 2015 |
| CVE-2015-0356 | high | 10 | 7% | 2015 |
| CVE-2015-0355 | high | 10 | 6% | 2015 |
| CVE-2015-0354 | high | 10 | 6% | 2015 |
| CVE-2015-0353 | high | 10 | 6% | 2015 |
1920 older / lower-severity CVEs not shown — see OS X's full record.
Is my OS X version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your OS X version → · Monitor OS X for new CVEs →
OS X vulnerabilities — frequently asked
How many known vulnerabilities does OS X have?
IsItPatched tracks 2000 CVEs for OS X, 30 of which are actively exploited (CISA KEV). 20 are critical-severity and 1053 high-severity. These span every release line — what matters is whether the version you run is affected.
Does OS X have any actively-exploited vulnerabilities?
Yes — 30 OS X CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild. Patch these as a priority.
What is the most severe OS X vulnerability?
Among tracked issues, CVE-2015-3043 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Out-of-bounds write weakness.
Is OS X safe to use?
It depends on the version. The latest supported OS X release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: OS X security status · OS X end-of-life · actively-exploited CVEs. Always verify against Apple's advisories — see our disclaimer.