Current Known Vulnerabilities
I have been tasked with something at work. We are an all-Mac shop and I have been asked to provide a list of all "current" known vulnerabilities for Mac OSX. So in other words, if my Mac is running 10.13.6 (the latest release), what existing known vulnerabilities out there do my users need to worry about?
What is the best way to accomplish this? Does Apple maintain a list?
Existing bugs in macOS and iOS are valuable and are typically kept secret by those who might want to exploit them.
Apple's Position on Security Issues
Apple does not disclose security issues until they are addressed. This is a deliberate decision and is mentioned in security and privacy researchers:
For the protection of our customers, Apple generally does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or releases are available. Apple distributes information about security issues in its products through security advisories. You can also receive Apple security advisories through our security-announce mailing list.
Security Update Notes and CVE
Recently fixed issues are listed in Apple's security update notes and in the Common Vulnerabilities and Exposures (CVE) site.
Security Advice and Best Practices
You can find third party guides to securing macOS. Apple's own security page is a good starting point.
Guide to Securing Apple OS
See the NIST Security Configuration Checklist's Guide to Securing Apple OS X 10.10 Systems for IT Professionals for a practical list of steps and advice regarding how to secure your Macs at work.
macOS Security and Privacy Guide
Another useful guide to macOS security best practices and current threat management is drduh's macOS-Security-and-Privacy-Guide.
It's Apple's policy to not comment on security vulnerabilities until they are patched, and even when they do, they are often quite vague about it.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
To find information about existing vulnerabilities, visit the CVE (Common Vulnerabilities and Exposures) website: http://cve.mitre.org
Using the search function on the site, you can find (for instance) any vulnerability with the keyword "Apple".