This page lists publicly disclosed CVE vulnerabilities affecting apple mail (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | [email protected] | 5.9 | 0.45% | 2018-05-16 | 2024-11-21 |
| CVE-2017-17688 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification | [email protected] | 5.9 | 2.84% | 2018-05-16 | 2024-11-21 |
| CVE-2010-3887 | The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | [email protected] | 4.3 | 0.15% | 2010-10-08 | 2026-04-29 |
| CVE-2008-4491 | Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | [email protected] | 5.0 | 0.53% | 2008-10-08 | 2026-04-23 |
| CVE-2008-0039 | Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | [email protected] | 6.8 | 0.48% | 2008-02-12 | 2026-04-23 |
| CVE-2005-2512 | Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. | [email protected] | 2.1 | 0.06% | 2005-08-19 | 2026-04-16 |