Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-28957 (GCVE-0-2026-28957)
Vulnerability from cvelistv5 – Published: 2026-05-11 20:08 – Updated: 2026-05-12 20:37
VLAI?
EPSS
Summary
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
Severity ?
CWE
- An app may be able to capture a user's screen
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7.9
(custom)
Affected: 0 , < 26.5 (custom) |
|
| Apple | visionOS |
Affected:
0 , < 26.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T20:37:43.618890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:37:52.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to capture a user\u0027s screen",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:08:43.466Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/127110"
},
{
"url": "https://support.apple.com/en-us/127111"
},
{
"url": "https://support.apple.com/en-us/127120"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28957",
"datePublished": "2026-05-11T20:08:43.466Z",
"dateReserved": "2026-03-03T16:36:03.991Z",
"dateUpdated": "2026-05-12T20:37:52.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-28957",
"date": "2026-05-13",
"epss": "0.0001",
"percentile": "0.01222"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28957\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-05-11T21:18:56.780\",\"lastModified\":\"2026-05-13T14:36:41.723\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.9\",\"matchCriteriaId\":\"F3968B76-E6DE-416D-A0FB-E4833FFAAE0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"20644D7E-2AB6-48CA-AED4-C474A9867986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.9\",\"matchCriteriaId\":\"B6431EAF-B395-4C19-9AB6-A2F45991C897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"1BE54A3B-D667-43BA-AB71-BCF8438054E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"C8F45D80-0DF8-444E-9AF1-703A1075F046\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/127110\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127111\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127120\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28957\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T20:37:43.618890Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T20:37:31.981Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.7.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/127110\"}, {\"url\": \"https://support.apple.com/en-us/127111\"}, {\"url\": \"https://support.apple.com/en-us/127120\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to capture a user\u0027s screen\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-05-11T20:08:43.466Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28957\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T20:37:52.893Z\", \"dateReserved\": \"2026-03-03T16:36:03.991Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-05-11T20:08:43.466Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-28957
Vulnerability from fkie_nvd - Published: 2026-05-11 21:18 - Updated: 2026-05-13 14:36
Severity ?
Summary
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/127110 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127111 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127120 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3968B76-E6DE-416D-A0FB-E4833FFAAE0F",
"versionEndExcluding": "18.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20644D7E-2AB6-48CA-AED4-C474A9867986",
"versionEndExcluding": "26.5",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6431EAF-B395-4C19-9AB6-A2F45991C897",
"versionEndExcluding": "18.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE54A3B-D667-43BA-AB71-BCF8438054E0",
"versionEndExcluding": "26.5",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F45D80-0DF8-444E-9AF1-703A1075F046",
"versionEndExcluding": "26.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen."
}
],
"id": "CVE-2026-28957",
"lastModified": "2026-05-13T14:36:41.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-05-11T21:18:56.780",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127110"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127111"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127120"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
NCSC-2026-0138
Vulnerability from csaf_ncscnl - Published: 2026-05-12 12:18 - Updated: 2026-05-12 12:18Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van iOS en iPadOS
Interpretaties: De kwetsbaarheden betreffen onder andere onjuiste geheugenbeheermechanismen zoals use-after-free, buffer overflows, out-of-bounds reads en writes, race conditions, type confusion, null pointer dereferences, en onvoldoende inputvalidatie. Deze kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, ongeautoriseerde toegang tot gevoelige gebruikers- of kerneldata, privilege-escalatie, en het omzeilen van beveiligingsmechanismen zoals Content Security Policy en sandboxing. Sommige kwetsbaarheden maken het mogelijk dat een aanvaller code met kernel-privileges uitvoert of systeemstabiliteit verstoort. De problemen kunnen worden geactiveerd door het verwerken van speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie, strengere toegangscontroles, en verbeterde geheugen- en state managementmechanismen.
Oplossingen: Apple heeft updates uitgebracht voor iOS en iPadOS om deze kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CWE-404: Improper Resource Shutdown or Release
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-805: Buffer Access with Incorrect Length Value
Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed by implementing additional validation across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Tahoe 26.4.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A resource exhaustion vulnerability in iOS and iPadOS versions 18.7.9 and 26.4 was mitigated through improved input validation to prevent denial-of-service attacks by remote attackers.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4 allowed apps to bypass App Privacy Report logging, which was resolved by implementing additional entitlement checks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization vulnerability allowing unauthorized access to sensitive user data was resolved through enhanced state management across multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing apps to enumerate a user's installed applications was addressed through enhanced verification checks across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
4.0 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was mitigated by improved input validation to prevent remote attackers from causing service disruption.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic flaw causing remote images to display when replying to emails in Mail's Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue causing notifications marked for deletion to be unexpectedly retained on iOS and iPadOS devices was resolved by enhancing data redaction across multiple versions.
6.2 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing applications to capture user screen content via camera metadata was addressed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, and visionOS 26.5 through enhanced logic controls.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability in iOS 26.5 and iPadOS 26.5 allowed attackers with physical access to exploit Visual Intelligence during iPhone Mirroring to access sensitive data, which was remediated by removing the vulnerable code.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An inconsistent user interface issue in iOS 16.5, iPadOS 16.5, and visionOS 16.5 that could allow an app to access sensitive user data was resolved through improved state management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability in iOS 26.5 and iPadOS 26.5 that allowed users to access restricted content from the lock screen has been addressed through enhanced verification mechanisms.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
References
78 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van iOS en iPadOS",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen onder andere onjuiste geheugenbeheermechanismen zoals use-after-free, buffer overflows, out-of-bounds reads en writes, race conditions, type confusion, null pointer dereferences, en onvoldoende inputvalidatie. Deze kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, ongeautoriseerde toegang tot gevoelige gebruikers- of kerneldata, privilege-escalatie, en het omzeilen van beveiligingsmechanismen zoals Content Security Policy en sandboxing. Sommige kwetsbaarheden maken het mogelijk dat een aanvaller code met kernel-privileges uitvoert of systeemstabiliteit verstoort. De problemen kunnen worden geactiveerd door het verwerken van speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie, strengere toegangscontroles, en verbeterde geheugen- en state managementmechanismen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht voor iOS en iPadOS om deze kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127110"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127111"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127112"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127113"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127114"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2026-05-12T12:18:59.723533Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0138",
"initial_release_date": "2026-05-12T12:18:59.723533Z",
"revision_history": [
{
"date": "2026-05-12T12:18:59.723533Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1837",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "other",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-1837 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1837.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-1837"
},
{
"cve": "CVE-2026-28819",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28819 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28819.json"
}
],
"title": "CVE-2026-28819"
},
{
"cve": "CVE-2026-28846",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28846 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28846.json"
}
],
"title": "CVE-2026-28846"
},
{
"cve": "CVE-2026-28847",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28847 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28847.json"
}
],
"title": "CVE-2026-28847"
},
{
"cve": "CVE-2026-28870",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed by implementing additional validation across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Tahoe 26.4.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28870 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28870.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28870"
},
{
"cve": "CVE-2026-28872",
"notes": [
{
"category": "description",
"text": "A resource exhaustion vulnerability in iOS and iPadOS versions 18.7.9 and 26.4 was mitigated through improved input validation to prevent denial-of-service attacks by remote attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28872 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28872.json"
}
],
"title": "CVE-2026-28872"
},
{
"cve": "CVE-2026-28873",
"notes": [
{
"category": "description",
"text": "An issue in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4 allowed apps to bypass App Privacy Report logging, which was resolved by implementing additional entitlement checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28873 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28873.json"
}
],
"title": "CVE-2026-28873"
},
{
"cve": "CVE-2026-28877",
"notes": [
{
"category": "description",
"text": "An authorization vulnerability allowing unauthorized access to sensitive user data was resolved through enhanced state management across multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28877 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28877.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28877"
},
{
"cve": "CVE-2026-28882",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing apps to enumerate a user\u0027s installed applications was addressed through enhanced verification checks across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28882 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28882.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28882"
},
{
"cve": "CVE-2026-28883",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28883 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28883.json"
}
],
"title": "CVE-2026-28883"
},
{
"cve": "CVE-2026-28894",
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was mitigated by improved input validation to prevent remote attackers from causing service disruption.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28894 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28894.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28894"
},
{
"cve": "CVE-2026-28897",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28897.json"
}
],
"title": "CVE-2026-28897"
},
{
"cve": "CVE-2026-28901",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28901.json"
}
],
"title": "CVE-2026-28901"
},
{
"cve": "CVE-2026-28902",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28902.json"
}
],
"title": "CVE-2026-28902"
},
{
"cve": "CVE-2026-28903",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28903.json"
}
],
"title": "CVE-2026-28903"
},
{
"cve": "CVE-2026-28904",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28904.json"
}
],
"title": "CVE-2026-28904"
},
{
"cve": "CVE-2026-28905",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28905.json"
}
],
"title": "CVE-2026-28905"
},
{
"cve": "CVE-2026-28906",
"notes": [
{
"category": "description",
"text": "An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28906.json"
}
],
"title": "CVE-2026-28906"
},
{
"cve": "CVE-2026-28907",
"notes": [
{
"category": "description",
"text": "An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28907.json"
}
],
"title": "CVE-2026-28907"
},
{
"cve": "CVE-2026-28913",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28913.json"
}
],
"title": "CVE-2026-28913"
},
{
"cve": "CVE-2026-28917",
"notes": [
{
"category": "description",
"text": "An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28917.json"
}
],
"title": "CVE-2026-28917"
},
{
"cve": "CVE-2026-28918",
"notes": [
{
"category": "description",
"text": "An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28918.json"
}
],
"title": "CVE-2026-28918"
},
{
"cve": "CVE-2026-28920",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28920.json"
}
],
"title": "CVE-2026-28920"
},
{
"cve": "CVE-2026-28929",
"notes": [
{
"category": "description",
"text": "A logic flaw causing remote images to display when replying to emails in Mail\u0027s Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28929.json"
}
],
"title": "CVE-2026-28929"
},
{
"cve": "CVE-2026-28936",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28936.json"
}
],
"title": "CVE-2026-28936"
},
{
"cve": "CVE-2026-28940",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28940 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28940.json"
}
],
"title": "CVE-2026-28940"
},
{
"cve": "CVE-2026-28941",
"notes": [
{
"category": "description",
"text": "Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28941.json"
}
],
"title": "CVE-2026-28941"
},
{
"cve": "CVE-2026-28942",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28942 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28942.json"
}
],
"title": "CVE-2026-28942"
},
{
"cve": "CVE-2026-28943",
"notes": [
{
"category": "description",
"text": "A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28943.json"
}
],
"title": "CVE-2026-28943"
},
{
"cve": "CVE-2026-28944",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28944.json"
}
],
"title": "CVE-2026-28944"
},
{
"cve": "CVE-2026-28947",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28947 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28947.json"
}
],
"title": "CVE-2026-28947"
},
{
"cve": "CVE-2026-28950",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "description",
"text": "A logging issue causing notifications marked for deletion to be unexpectedly retained on iOS and iPadOS devices was resolved by enhancing data redaction across multiple versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28950"
},
{
"cve": "CVE-2026-28951",
"notes": [
{
"category": "description",
"text": "An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28951.json"
}
],
"title": "CVE-2026-28951"
},
{
"cve": "CVE-2026-28952",
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28952.json"
}
],
"title": "CVE-2026-28952"
},
{
"cve": "CVE-2026-28953",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28953 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28953.json"
}
],
"title": "CVE-2026-28953"
},
{
"cve": "CVE-2026-28954",
"notes": [
{
"category": "description",
"text": "A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28954 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28954.json"
}
],
"title": "CVE-2026-28954"
},
{
"cve": "CVE-2026-28955",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28955 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28955.json"
}
],
"title": "CVE-2026-28955"
},
{
"cve": "CVE-2026-28956",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28956.json"
}
],
"title": "CVE-2026-28956"
},
{
"cve": "CVE-2026-28957",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing applications to capture user screen content via camera metadata was addressed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, and visionOS 26.5 through enhanced logic controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28957 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28957.json"
}
],
"title": "CVE-2026-28957"
},
{
"cve": "CVE-2026-28958",
"notes": [
{
"category": "description",
"text": "Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28958.json"
}
],
"title": "CVE-2026-28958"
},
{
"cve": "CVE-2026-28959",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28959.json"
}
],
"title": "CVE-2026-28959"
},
{
"cve": "CVE-2026-28962",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28962.json"
}
],
"title": "CVE-2026-28962"
},
{
"cve": "CVE-2026-28963",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 allowed attackers with physical access to exploit Visual Intelligence during iPhone Mirroring to access sensitive data, which was remediated by removing the vulnerable code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28963 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28963.json"
}
],
"title": "CVE-2026-28963"
},
{
"cve": "CVE-2026-28964",
"notes": [
{
"category": "description",
"text": "An inconsistent user interface issue in iOS 16.5, iPadOS 16.5, and visionOS 16.5 that could allow an app to access sensitive user data was resolved through improved state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28964.json"
}
],
"title": "CVE-2026-28964"
},
{
"cve": "CVE-2026-28965",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 that allowed users to access restricted content from the lock screen has been addressed through enhanced verification mechanisms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28965.json"
}
],
"title": "CVE-2026-28965"
},
{
"cve": "CVE-2026-28969",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28969 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28969.json"
}
],
"title": "CVE-2026-28969"
},
{
"cve": "CVE-2026-28971",
"notes": [
{
"category": "description",
"text": "A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28971.json"
}
],
"title": "CVE-2026-28971"
},
{
"cve": "CVE-2026-28972",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28972 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28972.json"
}
],
"title": "CVE-2026-28972"
},
{
"cve": "CVE-2026-28974",
"notes": [
{
"category": "description",
"text": "An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28974 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28974.json"
}
],
"title": "CVE-2026-28974"
},
{
"cve": "CVE-2026-28977",
"notes": [
{
"category": "description",
"text": "Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28977.json"
}
],
"title": "CVE-2026-28977"
},
{
"cve": "CVE-2026-28983",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28983 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28983.json"
}
],
"title": "CVE-2026-28983"
},
{
"cve": "CVE-2026-28985",
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28985 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28985.json"
}
],
"title": "CVE-2026-28985"
},
{
"cve": "CVE-2026-28986",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28986 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28986.json"
}
],
"title": "CVE-2026-28986"
},
{
"cve": "CVE-2026-28987",
"notes": [
{
"category": "description",
"text": "A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28987.json"
}
],
"title": "CVE-2026-28987"
},
{
"cve": "CVE-2026-28988",
"notes": [
{
"category": "description",
"text": "A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28988.json"
}
],
"title": "CVE-2026-28988"
},
{
"cve": "CVE-2026-28990",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28990.json"
}
],
"title": "CVE-2026-28990"
},
{
"cve": "CVE-2026-28991",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28991 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28991.json"
}
],
"title": "CVE-2026-28991"
},
{
"cve": "CVE-2026-28992",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28992 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28992.json"
}
],
"title": "CVE-2026-28992"
},
{
"cve": "CVE-2026-28993",
"notes": [
{
"category": "description",
"text": "An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28993 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28993.json"
}
],
"title": "CVE-2026-28993"
},
{
"cve": "CVE-2026-28994",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28994 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28994.json"
}
],
"title": "CVE-2026-28994"
},
{
"cve": "CVE-2026-28995",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28995 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28995.json"
}
],
"title": "CVE-2026-28995"
},
{
"cve": "CVE-2026-28996",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28996.json"
}
],
"title": "CVE-2026-28996"
},
{
"cve": "CVE-2026-39869",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-39869 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39869.json"
}
],
"title": "CVE-2026-39869"
},
{
"cve": "CVE-2026-43653",
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43653.json"
}
],
"title": "CVE-2026-43653"
},
{
"cve": "CVE-2026-43654",
"notes": [
{
"category": "description",
"text": "A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43654.json"
}
],
"title": "CVE-2026-43654"
},
{
"cve": "CVE-2026-43655",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43655.json"
}
],
"title": "CVE-2026-43655"
},
{
"cve": "CVE-2026-43656",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43656.json"
}
],
"title": "CVE-2026-43656"
},
{
"cve": "CVE-2026-43658",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43658.json"
}
],
"title": "CVE-2026-43658"
},
{
"cve": "CVE-2026-43659",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43659 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43659.json"
}
],
"title": "CVE-2026-43659"
},
{
"cve": "CVE-2026-43660",
"notes": [
{
"category": "description",
"text": "Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43660.json"
}
],
"title": "CVE-2026-43660"
},
{
"cve": "CVE-2026-43661",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43661.json"
}
],
"title": "CVE-2026-43661"
},
{
"cve": "CVE-2026-43666",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43666.json"
}
],
"title": "CVE-2026-43666"
},
{
"cve": "CVE-2026-43668",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43668 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43668.json"
}
],
"title": "CVE-2026-43668"
}
]
}
CERTFR-2026-AVI-0563
Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.8 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.9 | ||
| Apple | tvOS | tvOS versions antérieures à 26.5 | ||
| Apple | visionOS | visionOS versions antérieures à 26.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 18.7.9 | ||
| Apple | iOS | iOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.5 | ||
| Apple | watchOS | watchOS versions antérieures à 26.5 | ||
| Apple | iOS | iOS versions antérieures à 15.8.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": " iOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-43668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43668"
},
{
"name": "CVE-2026-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28944"
},
{
"name": "CVE-2026-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1837"
},
{
"name": "CVE-2026-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28930"
},
{
"name": "CVE-2026-28976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28976"
},
{
"name": "CVE-2026-43656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43656"
},
{
"name": "CVE-2026-28988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28988"
},
{
"name": "CVE-2026-28951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28951"
},
{
"name": "CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"name": "CVE-2026-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28915"
},
{
"name": "CVE-2026-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28965"
},
{
"name": "CVE-2026-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28913"
},
{
"name": "CVE-2026-28987",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28987"
},
{
"name": "CVE-2026-28994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28994"
},
{
"name": "CVE-2026-28919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28919"
},
{
"name": "CVE-2026-28882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
},
{
"name": "CVE-2026-43661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43661"
},
{
"name": "CVE-2026-28959",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28959"
},
{
"name": "CVE-2026-28873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28873"
},
{
"name": "CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"name": "CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"name": "CVE-2026-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28840"
},
{
"name": "CVE-2026-28920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28920"
},
{
"name": "CVE-2026-28878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
},
{
"name": "CVE-2026-39871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39871"
},
{
"name": "CVE-2026-28961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28961"
},
{
"name": "CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"name": "CVE-2026-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39869"
},
{
"name": "CVE-2025-43524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43524"
},
{
"name": "CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"name": "CVE-2026-39870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39870"
},
{
"name": "CVE-2026-28963",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28963"
},
{
"name": "CVE-2026-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28936"
},
{
"name": "CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"name": "CVE-2026-28977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28977"
},
{
"name": "CVE-2026-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28940"
},
{
"name": "CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"name": "CVE-2026-28969",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28969"
},
{
"name": "CVE-2026-28848",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28848"
},
{
"name": "CVE-2026-28957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28957"
},
{
"name": "CVE-2026-28819",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28819"
},
{
"name": "CVE-2026-28872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28872"
},
{
"name": "CVE-2026-28846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28846"
},
{
"name": "CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"name": "CVE-2026-28917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28917"
},
{
"name": "CVE-2026-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28964"
},
{
"name": "CVE-2026-28894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
},
{
"name": "CVE-2026-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28950"
},
{
"name": "CVE-2026-28986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28986"
},
{
"name": "CVE-2026-28925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28925"
},
{
"name": "CVE-2026-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28943"
},
{
"name": "CVE-2026-28993",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28993"
},
{
"name": "CVE-2026-28924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28924"
},
{
"name": "CVE-2026-28990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28990"
},
{
"name": "CVE-2026-28918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28918"
},
{
"name": "CVE-2026-28996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28996"
},
{
"name": "CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"name": "CVE-2026-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28906"
},
{
"name": "CVE-2026-43655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43655"
},
{
"name": "CVE-2026-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28972"
},
{
"name": "CVE-2026-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28941"
},
{
"name": "CVE-2026-28954",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28954"
},
{
"name": "CVE-2026-28877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
},
{
"name": "CVE-2026-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28956"
},
{
"name": "CVE-2026-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28974"
},
{
"name": "CVE-2026-43652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43652"
},
{
"name": "CVE-2026-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28908"
},
{
"name": "CVE-2026-43654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43654"
},
{
"name": "CVE-2026-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28929"
},
{
"name": "CVE-2026-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28971"
},
{
"name": "CVE-2026-28985",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28985"
},
{
"name": "CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"name": "CVE-2026-28995",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28995"
},
{
"name": "CVE-2026-28922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28922"
},
{
"name": "CVE-2026-43653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43653"
},
{
"name": "CVE-2026-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28914"
},
{
"name": "CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"name": "CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"name": "CVE-2026-28991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28991"
},
{
"name": "CVE-2026-28952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28952"
},
{
"name": "CVE-2026-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28962"
},
{
"name": "CVE-2026-28983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28983"
},
{
"name": "CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"name": "CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"name": "CVE-2026-28978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28978"
},
{
"name": "CVE-2026-28992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28992"
},
{
"name": "CVE-2026-43659",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43659"
},
{
"name": "CVE-2026-28923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28923"
},
{
"name": "CVE-2026-28870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
},
{
"name": "CVE-2026-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43666"
},
{
"name": "CVE-2026-28897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28897"
},
{
"name": "CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"name": "CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
}
],
"initial_release_date": "2026-05-12T00:00:00",
"last_revision_date": "2026-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127114",
"url": "https://support.apple.com/en-us/127114"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127117",
"url": "https://support.apple.com/en-us/127117"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127115",
"url": "https://support.apple.com/en-us/127115"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127118",
"url": "https://support.apple.com/en-us/127118"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127110",
"url": "https://support.apple.com/en-us/127110"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127111",
"url": "https://support.apple.com/en-us/127111"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127113",
"url": "https://support.apple.com/en-us/127113"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127116",
"url": "https://support.apple.com/en-us/127116"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127119",
"url": "https://support.apple.com/en-us/127119"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127120",
"url": "https://support.apple.com/en-us/127120"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127112",
"url": "https://support.apple.com/en-us/127112"
}
]
}
GHSA-C6GP-37QQ-7F67
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-12 21:31
VLAI?
Details
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2026-28957"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:56Z",
"severity": "LOW"
},
"details": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user\u0027s screen.",
"id": "GHSA-c6gp-37qq-7f67",
"modified": "2026-05-12T21:31:32Z",
"published": "2026-05-11T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28957"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127110"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127111"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…