Apple macOS and iOS Vulnerabilities


Apple has a strong reputation for security. Even so, all software has flaws, no matter how carefully you test it. CVEdetails.com lists over 4,000 vulnerabilities related to Apple products, with over 2,000 attributed to Mac OS X and over 1,400 related to iPhone iOS. Both the phone and desktop operating systems derive some of their code base from BSD, and as such often share the same vulnerabilities. Like other platforms, Apple operating systems are subject to all of the usual vulnerabilities (DoS, code execution, overflows, memory corruption, user error, etc.). Users often jailbreak their phones to bypass security restrictions and install unauthorized apps.

Exploit-db.com lists over 500 Apple-related exploits, and Metasploit has nearly 40 Apple modules. The iPhone also shares the same generic vulnerabilities as Android devices (theft, weak or no passwords on older devices, lack of endpoint security, social engineering and scareware, added risk from jailbreaking, and the like).

Here are some well-known Apple vulnerabilities. Not all have CVE numbers.

| Vulnerability | Description |
|---|---|
| Kernel Memory Corruption | This kernel flaw allows attackers to execute arbitrary code or cause a denial of service. Affects iOS versions prior to 11.3 and macOS prior to 10.13.4. CVE-2018-4150. |
| Graphics Driver vulnerability | This graphics driver bug allows attackers to execute arbitrary code or cause a denial of service. Affects iOS versions prior to 11.2.5. CVE-2018-4109. |
| IOMobileFrameBuffer vulnerability | A weakness in the kernel extension that manages the screen frame buffer allows attackers to execute arbitrary code. Affects iOS prior to 11.2. CVE-2017-13879. |
| High Sierra Bug | This 2017 bug allows anyone to log in to macOS High Sierra as root with no password. |
| Mactans | Plugging an iPhone into this malicious USB charger injects persistent malware into the device. |
| Jailbroken iPhone | Jailbreaking an iPhone overwrites its firmware, thus bypassing security controls such as digital signature enforcement. This gives users root privilege so they can install unauthorized applications. Unfortunately, Trojanized apps such as KeyRaider (which steals Apple accounts and certificates) can also be installed. |
| Thunderstrike | This hardware-based bootkit overwrites OS X firmware. It is spread through maliciously modified peripheral devices that plug into the Thunderbolt interface. CVE-2014-4498. |
| iCloud API vulnerability | A series of iCloud attacks ("Celebgate") resulted in the theft of about 500 private celebrity photos. Although it was later revealed that the passwords were obtained through spear phishing, the incident uncovered a weakness in the iCloud API that allowed unlimited password brute forcing. |
| MaControl Backdoor | An advanced persistent threat backdoor that has had several variations and delivery mechanisms (including Trojanized apps and social engineering). Once installed, it connects to a command and control (CnC) server in China to receive instructions. |

Note: Many of the vulnerabilities listed above also affect watchOS and tvOS.
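As an added illustration of the brute-forcing weakness described in the iCloud API row (example code written for this page, not Apple's or any real service's code): a hypothetical password-check service in two modes, one that accepts unlimited attempts and one that locks an account after repeated failures inside a sliding window. The class name, thresholds and timestamps are constructed for the example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from typing import Optional

MAX_FAILURES = 5        # failed attempts tolerated per account ...
WINDOW_SECONDS = 300    # ... inside this sliding window (constructed values)
LOCKOUT_SECONDS = 900   # how long the account stays locked once exceeded

class LoginService:
    """Hypothetical password verifier. throttle=False reproduces the
    'unlimited attempts' weakness; throttle=True is the hardened form."""

    def __init__(self, throttle: bool = True):
        self.throttle = throttle
        self._users = {}                      # user -> (salt, pbkdf2 hash)
        self._failures = defaultdict(deque)   # user -> timestamps of failures
        self._locked_until = {}               # user -> lock expiry time

    @staticmethod
    def _hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(salt, password))

    def login(self, user: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is injectable for tests."""
        now = time.time() if now is None else now
        if self.throttle and self._locked_until.get(user, 0.0) > now:
            return "locked"      # refuse before touching the password at all
        stored = self._users.get(user)
        if stored and hmac.compare_digest(self._hash(stored[0], password), stored[1]):
            self._failures.pop(user, None)
            self._locked_until.pop(user, None)
            return "ok"
        if self.throttle:
            fails = self._failures[user]
            fails.append(now)
            while fails and fails[0] < now - WINDOW_SECONDS:   # expire old ones
                fails.popleft()
            if len(fails) >= MAX_FAILURES:
                self._locked_until[user] = now + LOCKOUT_SECONDS
                return "locked"
        return "denied"
```

Counting failures per account name (even for unknown accounts) is what turns an unbounded guessing loop into at most MAX_FAILURES guesses per lockout period; a production service would additionally apply per-source limits and log the lockouts for detection.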
